Virus and Spyware Removal Guides, uninstall instructions

What is the Garbage Cleaner PUA?

Garbage Cleaner is an untrustworthy application and a new variant/updated version of G-Cleaner. It is endorsed as a tool for cleaning operating systems (i.e. removing junk files and other unnecessary content), however, due to the dubious methods used to proliferate Garbage Cleaner, it is also classified as a Potentially Unwanted Application (PUA).

In summary, Garbage Cleaner is a fake cleaner that cyber criminals use to distribute malware.

What is Hmmmmm ransomware?

Since Hmmmmm is classified as ransomware, it encrypts files, modifies their filenames and generates a ransom message. It renames encrypted files by adding the aser51a0@mailfence.com email address, victim's ID, and appends the ".hmmmmm" extension.

For example, "1.jpg" is renamed to "1.jpg.[ASer51a0@mailfence.com][ZVNC2IBGP8WFE6L].hmmmmm", "2.jpg" to "2.jpg.[ASer51a0@mailfence.com][ZVNC2IBGP8WFE6L].hmmmmm", and so on. Hmmmmm generates the "!INFO.HTA" file (ransom message) in all folders that contain encrypted files.

Hmmmmm is part of the VoidCrypt ransomware family.

What is OnlinePDFConverterSearch?

OnlinePDFConverterSearch is a browser hijacker. Following successful installation, it makes alterations to browser settings to promote onlinepdfconvertersearch.com (a fake search engine). Furthermore, OnlinePDFConverterSearch has data tracking capabilities, which are employed to monitor users' browsing activity.

Since most users download/install browser hijackers unintentionally, they are also classified as Potentially Unwanted Applications (PUAs).

What is InitialMachine?

InitialMachine is an adware-type application with browser hijacker characteristics. Following successful infiltration, this app delivers intrusive advertisement campaigns and makes modifications to browser settings to promote fake search engines.

Additionally, adware-type apps and browser hijackers typically have data tracking capabilities, which are used to collect browsing-related information. Due to the dubious methods used to proliferate InitialMachine, it is also categorized as a Potentially Unwanted Application (PUA).

What is torrent9[.]so?

torrent9[.]so is a torrent website that uses rogue advertising networks. Note that torrenting is legal, however, sharing and downloading unsanctioned copyrighted material is not. Note also that torrent9[.]so displays dubious ads and redirects visitors to various other bogus websites.

Therefore, avoid these websites. There are other torrent9[.]so variants including, for example, torrent9[.]pl. It is likely that these web pages will redirect visitors from different countries to various other websites accordingly.

What is ChannelSystem?

ChannelSystem is a potentially unwanted application (PUA) that is classified as adware, however, if also functions as a browser hijacker. This app serves advertisements, promotes a fake search engine, and possibly collects browsing data and various other information.

ChannelSystem is classified as a PUA because users often download and install adware-type apps (including browser hijackers) inadvertently.

What is IceRAT?

IceRAT is malicious software. While its name contains the abbreviation "RAT", this malware operates less such as a Remote Access Trojan and more as a 'backdoor'. RATs enable remote access and control over an infected machine, whilst backdoor Trojans cause chain infections (i.e. download/install additional malware).

The former often have backdoor capabilities, however, the distinction is made through RATs' capabilities to stealthily control (i.e. issue and execute commands on) a compromised device, however, despite IceRAT's inability to exercise this level of control over infected systems, it is nonetheless classified as a highly dangerous piece of software.

This malicious program has been observed infecting devices with other malware, most notably an information stealer and cryptominer (cryptocurrency mining malware). Yet, it is not unlikely that IceRAT can and will be used to infiltrate different programs into victims' machines.

What is the NORD ransomware?

NORD is malicious software belonging to the WannaScream ransomware family. It is designed to encrypt files and demand payment for decryption. During the encryption process, all affected files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".NORD" extension.

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.[C279F237[decryptfilekhoda@protonmail.com].NORD" following encryption.

Once this process is complete, ransom-demand messages are created in a pop-up window ("info.hta") and "ReadMe.txt" text files, which are dropped into compromised folders.

What is fake Paypal account checker?

Fake Paypal account checker is advertised as a tool that supposedly checks whether PayPal accounts are valid. Note that the official PayPal company has nothing to do with this software. If used, it generates a fake list of PayPal accounts and, at the same time, infects computers with ClipBanker malware that steals sensitive information.

What is ProStreamsSearch?

ProStreamsSearch is dubious software designed to modify browser settings to promote prostreamssearch.com (a bogus search engine). Due to this, ProStreamsSearch is classified as a browser hijacker.

Additionally, software within this classification typically collects browsing-related information. Since most users download/install browser hijackers inadvertently, they are also classified as Potentially Unwanted Applications (PUAs).