Virus and Spyware Removal Guides, uninstall instructions

What is Booa?

Booa belongs to the Djvu ransomware family. It prevents victims from accessing their files by encryption and creates a ransom message ("_readme.txt" file) that contains details such as cost of decryption software and key and how to contact cyber criminals.

Booa also renames files by appending the ".boaa" extension to their filenames. For example, "1.jpg" is renamed to "1.jpg.booa", "2.jpg" to "2.jpg.booa", and so on.

What is CTRM ransomware?

CTRM ransomware encrypts files and renames them. It also creates the "CTRM_INFO.rtf" file (ransom message) in all folders that contain encrypted files. CTRM renames files by replacing their filenames with the citrteam@yahoo.com email address, a string of random characters, and appending ".CTRM" as the file extension.

For example, "1.jpg" is renamed to "[Citrteam@yahoo.com].orSl0b2S-zT5rOiZG.CTRM", "2.jpg" to "[Citrteam@yahoo.com].plDg9v3D-pR4h9kLF.CTRM", and so on. Note that CTRM belongs to the family of ransomware called Matrix.

What is Swat ransomware?

Swat is malicious software belonging to the VoidCrypt ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools.

When this ransomware encrypts, affected files are renamed following this pattern: original filename, cyber criminals' email address, unique ID assigned to the victim, and the ".swat" extension. For example, a file named "1.jpg" would appear as something similar to "1.jpg.[coinloby@gmail.com][86GANMJB5OXRZFT].swat" following encryption.

After this process is complete, ransom messages within "!INFO.HTA" files are dropped into compromised folders.

What is cenesserie[.]fun site?

cenesserie[.]fun is a rogue website sharing many similarities with indexspotcaptcha.com, nlyimprese.fun, atinterboa.space and countless others. Visitors to this page are presented with dubious content and are redirected to other untrustworthy or possibly malicious sites.

Few visitors access cenesserie[.]fun or other similar websites intentionally - most are redirected to them by intrusive ads or by Potentially Unwanted Applications (PUAs). This software does not require explicit consent to infiltrate systems, and thus users may be unaware of its presence. PUAs cause redirects, run intrusive advertisement campaigns and collect browsing-related information.

What is AutoIncognitoSearch?

AutoIncognitoSearch is classified as browser hijacker because it promotes autoincognitosearch.com, the address of a fake search engine by modifying certain browser settings. Furthermore, it is likely that this app also gathers information relating to web browsing activities.

Typically, users do not download or install browser hijackers intentionally and, therefore, AutoIncognitoSearch and similar apps are classified as potentially unwanted applications (PUAs).

What is indexspotcaptcha[.]com?

There are many websites similar to indexspotcaptcha[.]com on the internet. Some examples are nlyimprese[.]fun, atinterboa[.]space and tutupdate29[.]com.

Note that users do not visit these web pages intentionally - they are opened by browsers with potentially unwanted applications (PUAs) installed on them.

What is MONETA?

MONETA belongs to the Phobos ransomware family. It encrypts victims' files, renames them, displays a pop-up window, and creates the "info.txt" text file. MONETA adds the victim's ID, ICQ username, and appends the ".MONETA" extension to the filenames of encrypted files.

For example, "1.jpg" is renamed to "1.jpg.id[C279F237-3105].[ICQ_Monetadicavallo].MONETA", "2.jpg" to "2.jpg.id[C279F237-3105].[ICQ_Monetadicavallo].MONETA", and so on. The pop-up window and "info.txt" text file contain the ransom messages, which contain instructions about how to contact cyber criminals who designed the ransomware.

What is GetConverterSearch?

GetConverterSearch is classified as a browser hijacker because it modifies browser settings without users' knowledge. I.e., it forces people to use a fake search engine (visit getconvertersearch.com). Typically, users download and install browser hijackers inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is watch-video[.]net?

Like many other similar websites (e.g., news06[.]biz, bifidavity[.]club, opertisticolk[.]club), watch-video[.]net is designed to promote/open other untrusted sites and display dubious content. Commonly, browsers open these websites when PUAs are installed on them, or when users click deceptive advertisements or visit bogus web pages.

What is the Chrome Tools adware?

Chrome Tools is rogue software classified as adware. Following successful installation, it operates by running intrusive advertisement campaigns. I.e., Chrome Tools delivers various dubious and harmful ads.

Additionally, this adware has data tracking capabilities, which are used to collect browsing-related information. Due to the dubious methods used to proliferate Chrome Tools, it is also classified as a Potentially Unwanted Application (PUA).