Virus and Spyware Removal Guides, uninstall instructions

What is TypicalInput?

TypicalInput is adware (generates ads), however, it can also be classified as a browser hijacker, since it promotes a fake search engine by changing browser settings without users' permission. Additionally, it is likely that this app collects browsing data and other information.

TypicalInput and similar apps (adware, browser hijackers) are often downloaded and installed by users unintentionally and, for this reason, they are also classified as potentially unwanted applications (PUAs).

What is Search Lovely?

Search Lovely and similar apps are classified as browser hijackers because they change browser settings to force users to visit a specific address (and use a fake search engine). This particular app promotes tailsearch.com in this way.

Browser hijackers also collect browsing-related (and other) information. In most cases, users download and install these rogue apps inadvertently and, therefore, they are categorized as potentially unwanted applications.

What is Rubly?

Rubly encrypts files and displays a ransom message in a pop-up window. It also renames each encrypted file by appending the ".rubly" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.rubly", "2.jpg" to "2.jpg.rubly", and so on.

Note that Rubly is a part of the Jigsaw ransomware family.

What is Aol ransomware?

Aol ransomware belongs to the family of ransomware called Dharma. It encrypts files and renames them. It also creates the "FILES ENCRYPTED.txt" file and displays a pop-up window - these contain ransom messages.

Aol renames files by adding the victim's ID, astra2eneca@aol.com email address, and appending the ".aol" extension. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[astra2eneca@aol.com].aol", "2.jpg" to "2.jpg.id-C279F237.[astra2eneca@aol.com].aol", and so on.

What is JSSLOADER?

JSSLOADER is a Remote Access Trojan (RAT) capable of exfiltrating data, executing commands, downloading other malware, auto-updating itself and preventing itself from being debugged (analyzed). JSSLOADER is mostly used by the group of cyber criminals called FIN7.

What is Hub ransomware?

Hub encrypts files, renames each encrypted file by adding the victim's ID, crypthub@tuta.io email address, and appending ".hub" extension. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[crypthub@tuta.io].hub", "2.jpg" to "2.jpg.id-C279F237.[crypthub@tuta.io].hub", and so on.

Hub also displays a pop-up window and creates the "FILES ENCRYPTED.txt" file, both of which contain instructions about how to contact the ransomware developers.

Note that Hub belongs to the Dharma ransomware family.

What is SampleConsole?

SampleConsole generates advertisements, modifies browser settings (promoting a fake search engine), and collects personal, sensitive information. In this way, it functions as adware, and as a browser hijacker and data collector.

SampleConsole and similar apps are often downloaded and installed by users unintentionally and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is Crazy ransomware?

Crazy ransomware belongs to the VoidCrypt ransomware family. It blocks access to files by encryption, renames each encrypted file, and creates the "!INFO.HTA" file, which is designed to open a pop-up window containing a ransom message.

Crazy renames files by adding the crazykillerusakk@hotmail.com email address, victim's ID, and appending the ".crazy" extension. For example, "1.jpg" is renamed to "1.jpg.[crazykillerusakk@hotmail.com][VA7ZKYXEJ53UMRF].crazy", "2.jpg" to "2.jpg.[crazykillerusakk@hotmail.com][VA7ZKYXEJ53UMRF].crazy", and so on.

What is Finding Pro?

The Finding Pro browser hijacker promotes tailsearch.com, a fake search engine. Typically, apps of this type promote fake search engines by changing certain browser settings without users' permission, however, this is not always the case with this site (see below).

Additionally, Finding Pro collects browsing history details, however, it might also target other data. Users often download and install browser hijackers inadvertently and, for this reason, Finding Pro and other apps of this type are classified as potentially unwanted applications (PUAs).

What kind of malware is Alfonso?

Alfonso (also known as Al'fon$o) is an information stealer that cyber criminals sell on hacker forums. Typically, malware of this type targets credit card details, passwords (and other sensitive information), and runs stealthily in the system background.