Virus and Spyware Removal Guides, uninstall instructions

What is TigerMovieSearch?

TigerMovieSearch is rogue software categorized as a browser hijacker. It operates by making modifications to browser settings to promote tigermoviesearch.com (a bogus search engine). Additionally, most browser hijackers monitor users' browsing activity - it is likely that TigerMovieSearch has these data tracking capabilities as well.

Due to the dubious methods used to proliferate browser hijackers, these programs are also classified as Potentially Unwanted Applications (PUAs).

What is the "Zero day security vulnerability on Zoom app" scam email?

"Zero day security vulnerability on Zoom app" is a spam campaign that uses the sextortion scam model. The term "spam campaign" defines a mass-scale operation during which thousands of deceptive emails are sent. The messages distributed through this campaign claim that the sender has obtained highly compromising video footage of the recipient.

The nonexistent recordings were supposedly made via an exploit of a vulnerability found in the Zoom application, a legitimate conferencing service. These scam emails aim to trick recipients into paying ransoms to avoid having the fake videos publicized.

Note that all claims made by the "Zero day security vulnerability on Zoom app" messages are false.

What is METZA email virus?

Malspam emails such as this one usually contain a download link or malicious attachment. The emails can be used to deliver ransomware, Trojans, crypto miners, spyware and keyloggers, and other malware. This particular malspam message is used to deliver Agent Tesla, a Remote Administration Tool (RAT).

What is ProcesserLog?

ProcesserLog is a dubious application classified as adware. It also has browser hijacker traits. This app operates by running intrusive advertisement campaigns and making alterations to browser settings to promote fake search engines.

Since most users download/install ProcesserLog inadvertently, it is classified as a Potentially Unwanted Application (PUA). PUAs typically have data tracking capabilities, which are used to collect browsing-related information.

What is Milleni5000?

Milleni5000 ransomware is designed to encrypt files and rename them by appending ".secure[milleni5000@qq.com]" as the file extension. For example, "1.jpg" is renamed to "1.jpg.secure[milleni5000@qq.com]", "2.jpg" to "2.jpg.secure[milleni5000@qq.com]", and so on.

Milleni5000 also creates the "RESTORE_FILES_INFO.txt" text file in folders that contain encrypted files.

An updated variant of Milleni5000 ransomware also drops the "RESTORE_FILES_INFO.hta" file in addition to the text file. The messages within these files are essentially identical.

What is Divsouth ransomware?

Divsouth is a malicious program that is part of the MedusaLocker ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption.

During the encryption process, all compromised files are appended with the ".divsouth" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.divsouth" following encryption. Once this process is complete, ransom messages within "Recovery_Instructions.html" files are dropped into affected folders.

What is Motion ransomware?

Motion belongs to the Xorist ransomware family. It encrypts files and appends the ".motion" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.motion", "2.jpg" to "2.jpg.motion", and so on.

Motion also creates the "HOW TO DECRYPT FILES.txt" file in all folders and displays a pop-up window. Both contain ransom messages with payment information.

What is Video Search adware?

Video Search is rogue software endorsed as a tool for quick searching of multiple video-hosting platforms (e.g., YouTube, Vimeo, Facebook, Google Video, and Bing Videos) straight from the browser.

In fact, Video Search is classified as adware, since it runs intrusive advertisement campaigns. I.e., it delivers various misleading and even malicious ads.

Furthermore, Video Search monitors users browsing activity and collects private, sensitive information extracted from it. Since most users download/install adware unintentionally, apps within this category are also classified as Potentially Unwanted Applications (PUAs).

What is Screenshot Tool and Editor?

Screenshot Tool and Editor is advertised as a tool for taking screenshots of entire websites, capturing web page elements, and editing the screenshots (e.g., adding text). What is not advertised is that Screenshot Tool and Editor functions as adware, and thus generates unwanted advertisements.

Adware-type apps are categorized as potentially unwanted applications (PUAs), since most users download and install them inadvertently.

What is CryptoLocker-v3?

CryptoLocker-v3 is a malicious program belonging to the CryptoLocker ransomware family. It is designed to encrypt data and demand ransoms for decryption tools. During the encryption process, files are appended with the ".ecc" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.ecc", "2.jpg" as "2.jpg.ecc", "3.jpg" as "3.jpg.ecc", and so on.

After this process is complete, ransom messages are created in a pop-up window, "HELP_TO_DECRYPT_YOUR_FILES.txt" text file, and desktop wallpaper "HELP_TO_DECRYPT_YOUR_FILES.bmp".

The text presented in the text file and wallpaper is identical.