Virus and Spyware Removal Guides, uninstall instructions

What is 1500dollars?

1500dollars ransomware belongs to the Phobos ransomware family. It encrypts and renames victims' files, displays a pop-up window, and creates the "info.txt" text file, which contains instructions about how to contact the ransomware developers plus various other details.

1500dollars renames files by adding the victim's ID, cleverhorse@protonmail.com email address, and appending ".1500dollars" as the file extension.

For example, "1.jpg" is renamed to "1.jpg.id[C279F237-1095].[cleverhorse@protonmail.com].1500dollars", "2.jpg" to "2.jpg.id[C279F237-1095].[cleverhorse@protonmail.com].1500dollars", and so on.

What is FreeStreamSearch?

FreeStreamSearch is dubious software classified as a browser hijacker. It operates by making changes to browsers to promote freestreamsearch.com (a fake search engine). Furthermore, this browser hijacker has data tracking capabilities, which are employed to monitor browsing activity.

Due to the dubious methods used to proliferate freestreamsearch.com, it is also classified as a Potentially Unwanted Application (PUA).

What is FindConverterSearch?

FindConverterSearch is a browser hijacker that promotes findconvertersearch.com by modifying certain browser settings. It also collects details relating to users' browsing habits. In most cases, users download and install browser hijackers inadvertently and, therefore, FindConverterSearch and similar apps are classified as potentially unwanted applications (PUAs).

What is PracticalConfig?

PracticalConfig is an adware-type application with browser hijacker characteristics. Following successful installation, this app delivers intrusive advertisement campaigns and makes modifications to browser settings to promote a fake search engine. Additionally, most adware-type apps and browser hijackers collect information relating to browsing habits.

Due to the dubious methods used to proliferate PracticalConfig, it is classified as a Potentially Unwanted Application (PUA).

What is Cypher?

Cypher is one of ransomware-type programs that are part of the VoidCrypt ransomware family. This particular ransomware encrypts and renames files, it appends the ".Cypher" extension to their filenames.

For example, it renames a file named "1.jpg" to "1.jpg.[CypherTeam@mail.com][QY4EUV1MHAZKR78].Cypher", "2.jpg" to "2.jpg.[CypherTeam@mail.com][QY4EUV1MHAZKR78].Cypher", and so on. Also, it creates the "!INFO.HTA" file, a ransom note in all folders that contain encrypted files.

What is Decme?

Decme belongs to the VoidCrypt ransomware family. It is designed to encrypt victims' files, rename them by adding the files2021@tutanota.com email address and victim's ID, and appending the ".decme" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.[Files2021@tutanota.com][HXEFMGVC50T1SL7].decme", "2.jpg" to "2.jpg.[Files2021@tutanota.com][HXEFMGVC50T1SL7].decme", and so on. Decme creates the "!INFO.HTA" file in all folders that contain encrypted files. This file is designed to display a ransom message.

What is "SharePoint" email scam?

Generally, scammers behind phishing emails fraudulently attempt to obtain sensitive information such as usernames, passwords and other credentials, and credit card details, by disguising their emails as messages from legitimate companies, organizations, etc.

This particular email is disguised as a message from SharePoint and the scammers behind it attempt to steal Microsoft 365 accounts.

What is GetVideoSearch?

GetVideoSearch is classified as a browser hijacker because it promotes a fake search engine (getvideosearch.com) by making changes to browser settings. Like most apps of this type, it also collects browsing data. Commonly, users download and install browser hijackers inadvertently and, therefore, apps of this type are classified as potentially unwanted applications (PUAs).

What is special-breaking[.]news?

special-breaking[.]news is not often visited by users intentionally. Commonly, these web pages are promoted via potentially unwanted applications (PUAs), deceptive ads, and other dubious web pages. There are many websites similar to special-breaking[.]news including bigkick[.]biz, rchesasider[.]top and pectionexa[.]top.

What is SWP ransomware?

SWP is part of the Dharma ransomware family and was discovered by xiaopao. SWP encrypts files, modifies their filenames, and provides instructions about how to contact the developers (it displays a pop-up window and creates the "FILES ENCRYPTED.txt" text file).

It renames files by adding the victim's ID, eusa@tuta.io email address, and appending the ".SWP" as the file extension. For example, "1.jpg" is renamed to "1.jpg.id-1E857D00.[eusa@tuta.io].SWP", "2.jpg" to "2.jpg.id-1E857D00.[eusa@tuta.io].SWP", and so on.