Virus and Spyware Removal Guides, uninstall instructions

What is ConvertorSearch?

ConvertorSearch is dubious software categorized as a browser hijacker. Following successful infiltration, it makes alterations to browser settings to promote convertorsearch.com (a bogus search engine).

Most browser hijackers monitor users' browsing habits. Due to the dubious methods employed to proliferate ConvertorSearch, it is also classified as a Potentially Unwanted Application (PUA).

What is Zasifrovano.zaplat.za klic 2021?

Zasifrovano.zaplat.za klic 2021 belongs to the Xorist ransomware family. Ransomware is a type of malware that prevents victims from accessing or using their files by encrypting them. Unless victims pay the ransom, their files remain encrypted. Usually, only the attackers have valid decryption tools.

The rogue program renames encrypted files by appending ".Zasifrovano.zaplat.za klic 2021" to filenames. For example, "1.jpg" is renamed to "1.jpg.Zasifrovano.zaplat.za klic 2021", "2.jpg" to "2.jpg.Zasifrovano.zaplat.za klic 2021", and so on.

This ransomware also displays a pop-up window and creates the "HOW TO DECRYPT FILES.txt" file, both of which contain ransom messages.

What is the mysearch Pro browser hijacker?

Mysearch Pro is a browser hijacker promoting the tailsearch.com fake search engine. Typically, software within this classification promotes fake search engines by making modifications to browser settings, however, mysearch Pro does not always operate in this way (see below). Additionally, it collects browsing-related information.

Since most users download/install browser hijackers unintentionally, they are also classified as Potentially Unwanted Applications (PUAs).

What is NOV?

NOV is a type of malware that prevents victims from accessing their files: it encrypts files and keeps them inaccessible unless victims pay a ransom.

This ransomware encrypts files and renames them by adding the victim's ID, yourfiles1@cock.li email address, and appending the ".NOV" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[yourfiles1@cock.li].NOV".

NOV also displays a pop-up window and creates the "MANUAL.txt" file. These contain instructions about how to contact the attackers.

Note that NOV belongs to the Dharma ransomware family and was discovered by Ravi.

What is Idecrypt ransomware?

Idecrypt is a ransomware-type program, which is part of the VoidCrypt malware family. Systems infected with Idecrypt experience data encryption and users receive ransom demands for decryption.

During the encryption process, files are renamed according to this pattern: original filename, cyber criminals' email address, unique ID assigned to the victims, and the ".idecrypt" extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.[Idecrypt.plz.dontworry@gmail.com][T137KZQEBAWDS6R].idecrypt" following encryption.

After this process is complete, ransom-demand messages in "!INFO.HTA" files are dropped into compromised folders.

What is the keepv[.]id site?

keepv[.]id is an untrusted website, which operates as a YouTube converter. This page offers a service to convert YouTube video URLs (links) to MP3 and MP4 files, which users can download. As well as this service infringing copyright law, it also uses rogue advertising networks.

Sites that employ these networks promote dubious and malicious web pages, which, if visited, endanger device/user safety. Therefore, you are strongly advised against visiting or using keepv[.]id.

What is gogoanime[.]so?

gogoanime[.]so is an anime streaming site, however, this page does not have the rights for the anime shows they stream, and so it streams anime illegally. Another problem with this page is that it uses rogue advertising networks: it contains deceptive, dubious advertisements and redirects users to dubious websites. Therefore, gogoanime[.]so is not a trusted website.

What is Secure ransomware?

Secure is a malicious program that belongs to the Scarab ransomware family. This malware encrypts data and demands payment for decryption.

During the encryption process, all affected files are renamed with a random character string and the ".secure" extension. For example, a file originally named "1.jpg" would appear as something similar to "2vciB639=NGfIQ.secure" following encryption.

After this process is complete, ransom messages in Russian "Инструкция.TXT" are dropped into compromised folders.

What is Cukiesi?

Cukiesi encrypts files and appends "_cU{victim's_ID}Cukiesi" to their filenames. For example, "1.jpg" is renamed to "1.jpg_cU{zvsOEJ}Cukiesi", "2.jpg" to "2.jpg_cU{zvsOEJ}Cukiesi", and so on.

Cukiesi also creates the "nooode.txt" text file in each folder that contains encrypted files. That file contains a ransom message with contact details and various other information.

What is MicroClick?

MicroClick functions as adware and a browser hijacker: it makes certain changes to browser settings and displays advertisements. This app might also gather browsing-related (and other) information.

Commonly, users download and install apps such as MicroClick inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).