Virus and Spyware Removal Guides, uninstall instructions

What is Trash the Cache?

Trash the Cache supposedly deletes browser history, cookies, cache, and various other data, however, this app functions as adware: it generates revenue for the developers by feeding users with unwanted advertisements.

Adware can collect data relating to users' browsing habits or even private, sensitive information.

Note that Trash the Cache is an untrusted app. Typically, users download and install these bogus apps inadvertently and, therefore, they are classified as potentially unwanted applications (PUAs).

What is ValidMemory?

ValidMemory is an adware-type app with browser hijacker traits. It operates by delivering various intrusive advertisements and promoting fake search engines by modifying browsers. Due to the dubious techniques used to spread ValidMemory, it is also classified as a Potentially Unwanted Application (PUA).

Most PUAs have data tracking capabilities that are employed to monitor users' browsing habits. ValidMemory has been observed being spread via fake Adobe Flash Player updates. Note that bogus software updaters/installers can proliferate trojans, ransomware, and other malware.

What is "WIN-8x0007 Error"?

"WIN-8x0007 Error" is the name of a technical support scam run on deceptive websites. Schemes of this type inform users of nonexistent threats on their systems and urge them to contact fake tech support. The "WIN-8x0007 Error" scam targets German users. It also downloads an audio file that contains the same message in Japanese.

As is common of these scams, "WIN-8x0007 Error" is presented as a Windows support alert issued by Microsoft. Note that no site can detect threats/issues on visitors' devices. Any that makes such claims are scams with no relation to legitimate companies (e.g., Microsoft Corporation).

Typically, untrusted web pages are accessed via mistyped URLs, or redirects caused by intrusive ads or installed unwanted applications.

What is "Fund Release email scam"?

Scammers often use email as a channel to trick people into providing sensitive information (e.g., login credentials, credit card details, social security numbers), sending money and installing malware onto their computers. Scammers usually disguise their emails as important, official messages from legitimate companies.

They use the names of well-known entities, logos, names of real people, take advantage of real events, etc., to add authenticity to their emails. This email is disguised as a message regarding fund release - scammers spread with the aim to extort money from recipients.

What is Bright Tab?

Bright Tab is a browser hijacker promoting the tailsearch.com fake search engine. Typically, software within this category promotes fake search engines by modifying browser settings, however, Bright Tab does not always operate in this way (see below).

Additionally, Bright Tab has data tracking capabilities, which are used to collect browsing-related information. Since most users download/install browser hijackers inadvertently, they are also classified as Potentially Unwanted Applications (PUAs).

What is .help?

Ransomware is a type of malware that blocks access to files by encryption. Usually, malware of this type displays or creates a ransom message stating that victims cannot access their files unless they pay a ransom.

.help ransomware encrypts files, modifies their filenames, and creates the "readme-warning.txt" text file (.help creates this file in each folder that contains encrypted files). It renames encrypted files by adding the victim's ID, tuzadiea@msgsafe.io email address, and appending the ".help" extension. For example, "1.jpg" is renamed to "1.jpg.[9B83AE23].[tuzadiea@msgsafe.io].help", "2.jpg" to "2.jpg.[9B83AE23].[tuzadiea@msgsafe.io].help", and so on.

This ransomware belongs to the Makop ransomware family.

What is the "All Best Logistics" scam email?

"All Best Logistics email virus" is the name of a malware-proliferating spam campaign. This term defines a mass-scale operation during which thousands of deceptive/scam emails are sent. The messages distributed through this campaign are disguised as inquiries concerning a shipment order.

The file attached to the scam emails is designed to infect systems with GuLoader malware when opened. This malicious program operates by causing chain infections.

What is Snoopdogg?

Ransomware is a type of malware that encrypts files. Cyber criminals use ransomware to prevent victims from accessing/using their files, and are then forced to pay a ransom (purchase a decryption tool).

Snoopdogg encrypts and renames files and creates the "Decrypt-me.txt" text file in all folders that contain affected (encrypted) data. It renames files by adding the openfileyou@protonmail.com email address, a string of random characters (possibly the victim's ID), and appending the ".Snoopdogg" extension.

For example, "1.jpg" is renamed to "1.jpg.[Openfileyou@protonmail.com][MJ-ZV8607394251].Snoopdogg", "2.jpg" to "2.jpg.[Openfileyou@protonmail.com][MJ-ZV8607394251].Snoopdogg", and so on.

Note that Snoopdogg belongs to the VoidCrypt ransomware family.

What is Assist?

Ransomware is one of the most dangerous malware forms: it encrypts files on infected computers and keeps them inaccessible (unusable) unless victims pay a ransom.

Assist ransomware encrypts and renames files, appending the ".assist" extension to filenames. Therefore, a file named "1.jpg" is changed to "1.jpg.assist", "2.jpg" to "2.jpg.assist", and so on.

Assist also creates the "ASSIST-README.txt" file (a ransom message), which can be found in all folders that contain encrypted data.

What is .pp (MedusaLocker) ransomware?

Belonging to the MedusaLocker ransomware family, .pp is a malicious program designed to encrypt data and demand payment for decryption. I.e., the files affected by this malware are rendered inaccessible and useless. Victims are informed that the data can be recovered by paying the cyber criminals behind the infection.

During the encryption process, files are appended with the ".pp" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.pp", "2.jpg" as "2.jpg.pp", "3.jpg" as "3.jpg.pp", and so on.

After this process is complete, ransom-demand messages in "Recovery_Instructions.html" files are dropped into compromised folders.