Virus and Spyware Removal Guides, uninstall instructions

What is NewPDFSearch?

NewPDFSearch is dubious software categorized as a browser hijacker. It makes modifications to browser settings to promote newpdfsearch.com (a fake search engine).

Browser hijackers are usually able to track browsing-related data, and it is likely that NewPDFSearch operates in this manner as well. Due to the dubious tactics employed to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

What is PDFConverterSearcher?

PDFConverterSearcher changes assigns specific browser settings to pdfconvertersearcher.com, the address of a fake search engine. Like most browser hijackers, PDFConverterSearcher changes these settings without users' permission. This app can also read browsing-related and possibly other information.

Typically, users install browser hijackers inadvertently and, for this reason, PDFConverterSearcher and other apps of his type are categorized as potentially unwanted applications (PUAs).

What is LyDark ransomware?

LyDark is malicious software, which is part of the Xorist ransomware family. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are appended with the ".LyDark" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.LyDark", and so on.

After this process is complete, ransom messages are created in a pop-up window and "HOW TO DECRYPT FILES.txt" text files, which are dropped into compromised folders. Additionally, LyDark ransomware changes the desktop wallpaper.

What is PAYMENT?

PAYMENT belongs to the Phobos ransomware family. It is designed to encrypt files, rename each encrypted file, display a ransom message, and create the "info.txt" text file (second ransom message).

PAYMENT renames files by adding the victim's ID, the ICQ username of its developers, and appending the ".PAYMENT" extension. For example, "1.jpg" is renamed to "1.jpg.id[C279F237-3130].[ICQ_Cavallobtc].PAYMENT", "2.jpg" to "2.jpg.id[C279F237-3130].[ICQ_Cavallobtc].PAYMENT", and so on.

What is the "Advance Payment Received" scam email?

"Advance Payment Received" is a spam email campaign. This term refers to a mass-scale operation, during which thousands of deceptive emails are sent. The messages sent through this spam campaign are presented as notifications concerning a purchase order.

Note that "Advance Payment Received" emails are fake and none of the information provided by them is genuine. The purposes of these messages is to proliferate Zloader malware.

What is luckhours[.]com?

luckhours[.]com is similar to many other websites of this type. For example, hipermovies[.]website, thgworldwideblog[.]com and novaidea[.]biz. Usually, browsers open these web pages when potentially unwanted applications (PUAs) are installed on them, or users click dubious ads or visit bogus web pages. In any case, people do not often visit addresses such as luckhours[.]com intentionally.

What is Cisco WebEx virus?

"Cisco WebEx virus" is a generic term used to describe unwanted and malicious software, distributed and disguised as content relating to Cisco Webex products.

Cisco Webex is the name of a legitimate company developing web conferencing and videoconferencing software, notably Webex Meetings, Webex Teams, Training Center, Event Center, Support Center, Sales Center, MeetMeNow and so on.

Recently, due to the Coronavirus/COVID-19 pandemic, the demand for such software has increased, and this has been noted and exploited by cyber criminals.

Since Cisco WebEx is highly accessible - for example, it offers cross-platform products (i.e., capable of working on various operating systems) and certain free services/plans - it is a prime target for criminals seeking to exploit its popularity for malicious purposes.

As observed by ESET research, adware developers/distributors have started promoting their products under the guise of Cisco WebEx applications.

What is yourwownews[.]com?

yourwownews[.]com is a rogue website sharing many common traits with thgworldwideblog.com, purplemedia.biz, check-this.news, and countless of others. Visitors to this page are presented with dubious content and/or redirected to other untrustworthy or possibly malicious sites.

These websites are rarely accessed intentionally - most users are redirected to them by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into their devices. This software does not require explicit permission to be installed onto systems, and thus users may be unaware of its presence.

What is HDMovieSearch?

The HDMovieSearch browser hijacker promotes hdmoviesearch.com, the address of a fake search engine. Like most sites of this type, it achieves this by changing browser settings without users' permission.

This app can also read browsing-related information. Note that browser hijackers are often downloaded and installed by users unintentionally. For this reason, they are classified as potentially unwanted applications (PUAs).

What is GetPDFConverterSearch?

GetPDFConverterSearch is a browser hijacker. Following successful infiltration, it makes modifications to browser settings to promote getpdfconvertersearch.com (a bogus search engine). Additionally, this browser hijacker has data tracking capabilities, which are used to collect browsing-related information.

Due to the dubious techniques used to proliferate GetPDFConverterSearch, it is also classified as a Potentially Unwanted Application (PUA).