Virus and Spyware Removal Guides, uninstall instructions

What is DevModule?

This application is designed to function as adware, browser hijacker, and a data collector. More precisely, it serves advertisements, promotes a fake search engine address, and records private, sensitive information.

Frequently, users download and install apps such as DevModule inadvertently and, therefore, they are classified as potentially unwanted applications (PUAs).

What is the "Transcrop Bank" scam email?

"Transcrop Bank" refers to a malware-spreading spam email campaign. The term "spam campaign" is used to define a mass-scale operation, during which thousands of deceptive/scam emails are sent.

The "Transcrop Bank" scam messages claim that recipients have a large incoming transfer into their bank accounts and ask them to review the attached documents to confirm the data provided therein. Rather than containing this information, the archive files contain malicious executables of the Agent Tesla RAT (Remote Access Trojan).

This type of Trojan enables stealthy remote access and control over the compromised device. RATs have a wide variety of dangerous functionality, which can lead to likewise varied issues.

What is Bepabepababy?

This malware infection is part of the GlobeImposter ransomware family. Like other malware of this type, it encrypts files, renames them and creates a ransom message. Bepabepababy renames files by appending ".bepabepababy1@protonmail.com" to filenames.

For example, "1.jpg" is renamed to "1.jpg.bepabepababy1@protonmail.com", "2.jpg" to "2.jpg.bepabepababy1@protonmail.com", and so on. Bepabepababy creates a ransom message within the "how_to_back_files.html" HTML file in all folders that contain encrypted files.

What is securesearch.me?

securesearch.me is fake search engine that is promoted via a browser hijacker. Typically, browser hijackers promote fake search engines by making certain modifications to browser settings. They can also collect details relating to browsing activities. In this particular case, the browser hijacker adds the "Managed by your organization" feature to Chrome browsers.

Note that, in most cases, users download and install browser hijackers inadvertently. Therefore, they are categorized as potentially unwanted applications (PUAs).

What is Hupstore ransomware?

Hupstore is malicious software belonging to the GlobeImposter ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".(hupstore@keemail.me)" extension following encryption.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.(hupstore@keemail.me)", "2.jpg" as "2.jpg.(hupstore@keemail.me)", and so on. At the end of this process, ransom messages within "Read Me!.HTA" files are dropped into compromised folders.

What is Xxx ransomware?

Xxx is a malicious program that belongs to the GlobeImposter ransomware family. Like most ransomware-type programs, Xxx encrypts and renames files, and provides instructions about how to contact the developers. It renames files by appending the ".xxx" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.xxx", "2.jpg" to "2.jpg.xxx", and so on. Xxx creates a ransom message within the "how_to_back_files.html" file in all folders that contain encrypted files.

What is NetInput?

NetInput is a rogue application categorized as adware and possessing browser hijacker characteristics. Following successful installation, NetInput delivers intrusive advertisement campaigns and makes alterations to browser settings to promote bogus search engines.

Additionally, most adware-type apps and browser hijackers collect browsing-related information. Since many users download/install NetInput inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is the "Killer's IP Address" scam?

"Killer's IP Address" is a scam run on deceptive websites. This type of scheme is classified as a technical support scam. Typically, they inform users of threats detected on their devices and offer tech support services. "Killer's IP Address" specifically states that the system has been infected with Trojans, spyware and other malicious software.

This scheme claims that, to prevent losing access to the device, users must immediately contact "Microsoft" technical support. Note that this scam is in no way connected to Microsoft and all of the information provided by it is false.

Most users access these untrusted sites unintentionally - they are redirected to them by intrusive advertisements or by Potentially Unwanted Applications (PUAs) already installed on the system.

What is NetworkHelper?

NetworkHelper is a potentially unwanted application (PUA) that functions not only as an adware-type app but also as a browser hijacker. It serves advertisements and promotes a fake search engine address. Additionally, it is capable of accessing sensitive information.

NetworkHelper is classified as a PUA because users often download and install these apps inadvertently.

What is the Howareyou ransomware?

Discovered by malware researcher S!Ri, Howareyou is a ransomware-type malicious program. Systems infected with Howareyou have their data encrypted and users receive ransom demands for decryption. During the encryption process, all compromised files are appended with the ".howareyou" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.howareyou" following encryption. After this process is complete, a ransom message within the "__read_me_.txt" file is created.