Virus and Spyware Removal Guides, uninstall instructions

What is RadioFanaticSearch?

RadioFanaticSearch promotes radiofanaticsearch.com (the address of a fake search engine) by changing browser settings without users' permission. It can also read browsing data. People users do not often download or install apps such as RadioFanaticSearch intentionally and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is Qsayebk ransomware?

Qsayebk is a malicious program belonging to the Snatch ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption.

During the encryption process, files are appended with the ".qsayebk" extension. For example, "1.jpg" would appear as "1.jpg.qsayebk", "2.jpg" as "2.jpg.qsayebk", and so on.

After this process is complete, text files named "HOW TO RESTORE YOUR FILES.TXT", which contain identical ransom messages, are dropped into compromised folders.

What is Covid21?

Covid21 is coronavirus-themed malware that corrupts The Master Boot Record (MBR), the first sector on a startup drive that contains executable code operating as a loader for the operating system. In this way, Covid21 prevents users from accessing the Windows Operating System. It also changes the desktop wallpaper.

What is WizardUpdate?

WizardUpdate is an adware-type application with browser hijacker traits. It operates by delivering intrusive advertisement campaigns and making alterations to browser settings to promote fake search engines. Additionally, most adware and browser hijackers have data tracking capabilities, which are employed to gather browsing-related information.

Due to the dubious techniques used to proliferate WizardUpdate, it is also categorized as a Potentially Unwanted Application (PUA). This app has been noted being promoted through the installation setup of another PUA called DLVPlayer.

What is crypt-protection[.]com?

crypt-protection[.]com is a deceptive website designed to trick visitors into downloading and installing a potentially unwanted application (PUA), which supposedly removes viruses that this site has "detected" on devices.

You should ignore crypt-protection[.]com and similar sites - the virus notifications (or other messages) that they display are fake. Note that users do not often visit pages such as crypt-protection[.]com intentionally.

What is Esexz?

Esexz ransomware encrypts files and appends the ".esexz" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.esexz", "2.jpg" to "2.jpg.esexz", and so on. Esexz also creates a ransom message within the "readme.txt" file, which is stored in all folders that contain encrypted files.

What is Registry Medic?

Registry Medic is software, endorsed as a system registry error removal and optimization tool. Due to the dubious techniques used to proliferate this application, it is also classified as a Potentially Unwanted Application (PUA). Note that PUAs can have undisclosed, unwanted and possibly dangerous capabilities.

What is techmobionline[.]com?

techmobionline[.]com is a deceptive site designed to promote scams. At the time of research, this web page promoted two different schemes. One of the scams claimed that visitors' browsers are infected (which is impossible for any website to detect), whilst the other promoted the necessity of a VPN.

The purpose of these types of scams is to endorse various software products. While legitimate applications may be promoted using such techniques, they are more commonly employed to proliferate untrustworthy and even malicious content (possibly, disguised under the names/appearances of genuine products).

For example, schemes like those run on techmobionline[.]com often promote fake anti-viruses, adware, browser hijackers and similar Potentially Unwanted Applications (PUAs), as well as Trojans, ransomware and other malware.

Deceptive/Scam websites are typically accessed via mistyped URLs, redirects caused by intrusive advertisements or by PUAs already installed on the system.

What is hipermovies[.]website?

Typically, websites such as hipermovies[.]website are promoted via deceptive ads, other dubious websites, or potentially unwanted applications (PUAs). I.e., users do not often visit these bogus websites intentionally. More examples of similar pages are thgworldwideblog[.]com, novaidea[.]biz, and purplemedia[.]biz.

What is Hrdhs ransomware?

Hrdhs is malicious software, which is part of the Snatch ransomware family. This malware is designed to encrypt data and demand payment for decryption.

During the encryption process, compromised files are appended with the ".hrdhs" extension. For example, a fie originally named something like "1.jpg" would appear as "1.jpg.hrdhs", "2.jpg" as "2.jpg.hrdhs", "3.jpg" as "3.jpg.hrdhs", and so on. Once this process is complete, ransom-demand messages named "README_HRDHS_FILES.txt" are dropped into affected folders.