Virus and Spyware Removal Guides, uninstall instructions

What is searchnewshighlights.com?

searchnewshighlights.com is a fake search engine, which might generate misleading results and includes dubious advertisements among its results. Note also that searchnewshighlights.com randomly opens new tabs and redirects users to other dubious websites.

Typically, browsers open fake search engines and other bogus addresses when potentially unwanted applications (PUAs) are installed on them (usually, browser hijackers).

searchnewshighlights.com is promoted via qsearch.pw and searchbaron.com (other fake search engines).

What is the wcsoft[.]link site?

wcsoft[.]link is a deceptive website promoting various scams. At the time of research, this web page ran two different schemes: the "(3) Viruses have been detected on your iPhone" and a version of the "VPN Update" scam. Schemes of this kind are designed to endorse a variety of untrustworthy and possibly malicious software.

These pages can promote fake anti-viruses, adware, browser hijackers, and other Potentially Unwanted Applications (PUAs). In some cases, deceptive sites promote Trojans, ransomware, and other malware.

Users rarely access wcsoft[.]link or similar sites intentionally - most enter them via mistyped URLs, redirects caused by intrusive ads, and already installed PUAs.

What is liveonscore[.]tv?

liveonscore[.]tv offers live scores from soccer, boxing, motorsports, basketball, and other sports. In fact, this website employs rogue advertising networks containing deceptive ads and forces users to visit other bogus websites. Furthermore, this site is likely to illegally streams sports content (without the copyright owner's permission).

You are strongly advised to avoid liveonscore[.]tv and other web pages of this kind.

What is Hipandahi ransomware?

Hipandahi is a malicious program categorized as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools. I.e., the files affected by Hipandahi become inaccessible and useless - to recover access to them, the ransomware instructs victims to make payments.

During the encryption process, files are appended with the ".encrypted" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.encrypted" following encryption.

After this process is complete, ransom-demand messages are created in a full-screen pop-up window and "How_to_decrypt_my_files.html" HTML files, which are dropped into compromised folders.

What is IncognitoSearchTech?

IncognitoSearchTech is rogue software classified as a browser hijacker. It operates by making modifications to browser settings to promote the incognitosearchtech.com fake search engine.

Additionally, most browser hijackers have data tracking capabilities that are used to collect browsing-related information. Due to the dubious techniques used to proliferate IncognitoSearchTech, it is also categorized as a Potentially Unwanted Application (PUA).

What is the fake "Budapest Bank" email?

"Budapest Bank email virus" refers to a spam campaign proliferating the LokiBot Trojan. The term "spam campaign" defines a large-scale operation during which scam emails are sent by the thousand. The messages sent through this campaign are presented as payment confirmations from the Budapest Bank.

Note that these emails are fake, and are in no way associated with the real Budapest Bank. The file attached to the scam messages contains LokiBot malware.

What is Oscorp?

Oscorp is malware targeting devices that use the Android operating system. It has various malicious functionality. Oscorp's capabilities include data extraction, sending text messages, making telephone calls, spying, removing anti-virus tools, etc.

Due to its many dangerous features, Oscorp is classified as a highly dangerous piece of software. Therefore, it must be removed immediately upon detection.

What is thehypenewz[.]com?

thehypenewz[.]com is used to promote other dubious websites and deceive visitors into giving it permission to display notifications. Users do not often visit websites such as thehypenewz[.]com intentionally - typically, they arrive at them when they click deceptive ads, through other untrusted pages that they visit, or when potentially unwanted applications (PUAs) are installed on their browsers.

There are many web pages similar to thehypenewz[.]com on the internet. Some of examples are lcutterlyba[.]top, goodmode[.]biz, and zvideo-live[.]com.

What is CinaRAT?

CinaRAT is a Remote Administration Trojan that is very similar to another RAT called Quasar. Typically, RATs allow the attackers to access and control infected machines remotely.

After successful installation, cyber criminals can use CinaRAT to manage files, access Command Prompt, Task Manager, and other Windows features, steal saved passwords from web browsers and FTP software, and log keystrokes. CinaRAT uses certain techniques to avoid antivirus detection.

What is My Smartlink?

My Smartlink is a browser hijacker that promotes the tailsearch.com fake search engine. Typically, software of this type makes changes to browser settings to promote search engines, however, My Smartlink does not actually modify browsers when promoting tailsearch.com (see below).

Additionally, this browser hijacker collects browsing-related information. Since most users download/install browser hijackers inadvertently, they are also categorized as Potentially Unwanted Applications (PUAs).