Virus and Spyware Removal Guides, uninstall instructions

What is YourStreamSearch?

YourStreamSearch is a browser hijacker that promotes a fake search engine by changing certain browser settings to yourstreamsearch.com. Apps of this type often collect browsing-related (and other) data. Typically, users download and install browser hijackers inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is Chaes malware?

Chaes is a malicious program. The primary functionality of this malware is information theft, primarily log-in credentials (i.e. usernames and passwords), credit card details and other sensitive financial information. At the time of research, Chaes was in the midst of an active campaign targeting a specific Latin American e-commerce platform.

Therefore, it targeted the aforementioned data for the platform.

What is MacOS Security?

"MacOS Security" is a fake error displayed by a malicious website. Many users visit these sites inadvertently, without their consent - they are redirected by potentially unwanted programs (PUPs) or intrusive advertisements delivered by other deceptive websites.

Be aware that PUPs typically infiltrate systems without permission and cause unwanted redirects, deliver intrusive ads, and gather sensitive information.

What is FileEngineering?

There are two variants of FileEngineering ransomware, both of which encrypt and rename files, and create a ransom message. The first variant renames files by adding the victim's ID, fileengineering@mailfence.com email address, and appending the ".encrypted" extension.

For example, "1.jpg" is renamed to "1.jpg.id=[BE38B416] Email=[FileEngineering@mailfence.com].encrypted", "2.jpg" to "2.jpg.id=[BE38B416] Email=[FileEngineering@mailfence.com].encrypted", and so on. The second variant also renames files, but adds a different email address (fileengineering@rape.lol).

Therefore, "1.jpg" is renamed to "1.jpg.id=[654995FE] Email=[FileEngineering@rape.lol].encrypted", "2.jpg" to "2.jpg.id=[654995FE] Email=[FileEngineering@rape.lol].encrypted", etc. Both variants create a ransom message within the "Get your files back!.txt" file in all folders that contain encrypted files.

What is the "CDP" scam email?

"CDP Email Virus" refers to a spam campaign designed to proliferate the Agent Tesla RAT (Remote Access Trojan). The term "spam campaign" is used to define a large-scale operation, during which thousands of deceptive/scam emails are sent.

The messages distributed through this spam campaign are in Italian and concern a fake payment confirmation, however, the link present in these emails does not lead to the indicated documentation, instead it redirects to a malicious website that starts the infection process (i.e. download/installation) of the Agent Tesla RAT.

This type of malware enables remote access and control over an infected computer. These Trojans can have a wide variety of dangerous capabilities, which can likewise be employed for a broad range of criminal purposes.

What is urtheredevo[.]top?

Sharing many similarities with lumnyalcolm.top, 1000-eur.cash, special-breaking.news and thousands of others, urtheredevo[.]top is a rogue website. Visitors to this web page are presented with dubious content and/or are redirected to other untrusted or malicious sites.

Typically, users access these web pages inadvertently - most are redirected to them by intrusive ads or Potentially Unwanted Applications (PUAs). These rogue apps do not need explicit user permission to be installed onto devices and, hence, users may be unaware of their presence.

PUAs cause redirects, run intrusive advertisement campaigns and collect browsing-related information.

What is WebPDFSearch?

WebPDFSearch is a potentially unwanted application (PUA) that is classified as browser hijacker. It promotes the webpdfsearch.com address (a fake search engine) by changing certain browser settings. It might also be designed to collect various data. Browser hijackers are categorized as PUAs, since, in most cases, users download and install them inadvertently.

What is MyPDFConverterSearch?

MyPDFConverterSearch is dubious software categorized as a browser hijacker. It operates by making alterations to browser settings to promote mypdfconvertersearch.com (a fake search engine). Most browser hijackers collect browsing related information, and it is likely that MyPDFConverterSearch does so as well.

Due to the dubious techniques employed to distribute browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

What is the "You have used Zoom recently - I have very unfortunate news" email scam?

Cyber criminals behind sextortion email scams such as this one attempt to extort money (typically, cryptocurrency) from recipients by threatening to publish intimate, explicit images or videos. They usually claim that they have recorded the videos (or taken screenshots) using a computer webcam that is connected to/installed on computers of recipients.

In fact, these sextortion emails are fake and should never be trusted.

What is MovieSearchTV?

MovieSearchTV is rogue software classified as a browser hijacker. After successful installation, it makes changes to browser settings to promote moviesearchtv.com (a fake search engine). Additionally, most browser hijackers have data tracking capabilities that are used to monitor users' browsing activity.

MovieSearchTV also has this functionality. Due to the dubious methods used to proliferate MovieSearchTV, it is also classified as a Potentially Unwanted Application (PUA).