Virus and Spyware Removal Guides, uninstall instructions

What is GameSearcher?

GameSearcher is dubious software classified as a browser hijacker. It operates by making alterations to browser settings to promote game-searcher.com (a fake search engine). Additionally, GameSearcher collects browsing-related information, which makes it a serious privacy concern.

Due to the dubious methods used to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

What is MILIHPEN?

MILIHPEN belongs to the family of ransomware called NEFILIM and was discovered by MalwareHunterTeam. MILIHPEN is a form of malware that encrypts files to prevent victims from using or accessing their data unless a ransom is paid.

In most cases, ransomware not only encrypts files but also renames them. MILIHPEN appends the ".MILIHPEN" extension to the filenames. For example, "1.jpg" is renamed to "1.jpg.MILIHPEN", "2.jpg" to "2.jpg.MILIHPEN", and so on.

MILIHPEN also creates the "MILIHPEN-INSTRUCT.txt" file (ransom message) in all folders that contain encrypted files.

What is TomLe ransomware?

TomLe is malicious software, which is part of the Dharma ransomware group. It operates by encrypting data and demanding payment for decryption.

During the encryption process, files are renamed according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and the ".TomLe" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[TomLee240@aol.com].TomLe" after encryption.

Following the completion of this process, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is Us1 ransomware?

Us1 is a malicious program belonging to the MedusaLocker ransomware family. This malware operates by making files inaccessible and redundant by encryption, in order to demand ransoms for decryption.

When Us1 encrypts data, files are appended with the ".us1" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.us1" following encryption. After this process is complete, ransom messages within "Recovery_Instructions.html" files are dropped into affected folders.

What is Block Hack?

This website is advertised as a console to redirect unconfirmed Bitcoin cryptocurrency transactions to the provided BTC wallet. No less than two antivirus scanners on VirusTotal detected this as a phishing website.

Research shows that the site also contains a login form, which could be used to steal login credentials. Since this web page is crypto-related, it might be used to hijack Bitcoin wallets.

What is fake Google Translate extension?

Potentially unwanted applications (PUAs) are commonly distributed using installers for other apps of this type. In other words, this software is often bundled with additional unwanted and/or malicious applications.

Hence, in some cases, a deceptive installer (e.g., fake Adobe Flash Player updater/installer) carrying software like the fake Google Translate extension - also installs multiple browser hijackers, adware, trojans, ransomware, etc.

This fake Google Translate extension is also promoted using deceptive installers. It can operate as adware, spy on users' browsing activity, and even steal Facebook log-in credentials. Users who have this extension installed on browsers should remove it immediately.

What is videogate1[.]com?

videogate1[.]com is an untrusted web page that users do not often visit intentionally. Usually, these pages are opened by clicking deceptive ads, while visiting other bogus web pages, or they are opened by browsers with potentially unwanted applications (PUAs) installed.

There are many websites similar to videogate1[.]com online including, for example, financeflick[.]com, aboutyoun[.]com, and datingbasedspot[.]com.

What is Namaste ransomware?

Namaste is designed to prevent victims from accessing their files - it encrypts and renames files and keeps them inaccessible unless victims use a valid decryption tool. This ransomware appends the "._enc" extension to the filenames of all encrypted files. For example, "1.jpg" is renamed to "1.jpg._enc", "2.jpg" to "2.jpg._enc", and so on.

Namaste also displays a ransom message on the screen and changes the desktop wallpaper. This ransomware is notable for repeatedly playing an audio recording announcing: "pay now to recover your files".

What is the Avaad ransomware?

Discovered by Jakub Kroustek, Avaad is a malicious program belonging to the Dharma ransomware group. It is designed to encrypt data and demand payment for decryption. During the encryption process, affected files are renamed following this pattern: original filename, unique ID, cyber criminals' email address, and the ".Avaad" extension.

For example, a file originally titled "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[Avaaddams@msgsafe.io].Avaad" following encryption. After this process is complete, ransom-demand messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is x2convert[.]com?

X2convert[.]com is an untrusted website, offering YouTube video and audio download services. This page allows users to convert YouTube URLs (links) into downloadable MP3/MP4 files.

Note that x2convert[.]com infringes copyright laws and uses rogue advertising networks. Sites that use these networks promote various untrusted and malicious websites, which pose a threat to device and user safety. Therefore, you are strongly advised against visiting or using x2convert[.]com.