Virus and Spyware Removal Guides, uninstall instructions

What is IndexerInput?

IndexerInput is an adware-type application with browser hijacker traits. Following successful infiltration, this app runs intrusive advertisement campaigns and makes modifications to browser settings to promote fake search engines. On Safari browsers, IndexerInput promotes 6v5f3l.com, and on Google Chrome, search.validplatform.com.

Additionally, most adware-types and browser hijackers monitor users' browsing activity. Due to the dubious techniques used to proliferate IndexerInput, it is also classified as a Potentially Unwanted Application (PUA). One of these methods is proliferation via fake Adobe Flash Player updates.

Note that bogus software updaters/installers are often employed to spread not only PUAs but also Trojans, ransomware and other malware.

What is search.validplatform.com?

search.validplatform.com is a fake search engine. Typically, search engines of this kind are promoted via browser hijackers, which are adware-type apps. Note that search.validplatform.com is promoted via IndexerInput and other similar apps.

These apps are categorized as potentially unwanted applications (PUAs), since, in most cases, users download and install them unintentionally.

Research shows that at least one of the apps that promote search.validplatform.com is distributed via a fake installer that is disguised as an installer for Adobe Flash Player.

What is PyXie?

PyXie is a Remote Access Trojan (RAT). Typically, cyber criminals use RATs to remotely control infected computers and steal personal information, install additional malware, and for other malicious purposes. Some cyber criminals use PyXie to deliver ransomware.

In any case, if there is any reason to suspect that this RAT is already installed on the operating system, remove it immediately.

What is CCC ransomware?

CCC is a malicious program belonging to the GlobeImposter ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools. During the encryption process, all affected files are appended with the ".CCC" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.CCC", "2.jpg" as "2.jpg.CCC", and so on. After this process is complete, ransom-demand messages in "Decryption INFO.html" files are dropped into affected folders.

What is the Print Works email virus?

Malspam is a way to deliver emails that contain infected files (attachments) or download links for them. Generally, the emails are disguised as official, important messages from legitimate companies. The main purpose of cyber criminals behind malspam emails is to trick recipients into downloading and executing a malicious file, which then installs malicious software.

In this particular case, the attached document is designed to install Dridex.

What is Magnifier Search?

Magnifier Search is rogue software classified as a browser hijacker. These programs typically operate by making modifications to browser settings to promote fake search engines, however, this is not the case with Magnifier Search - it does not necessarily make alterations to browsers when promoting the magnifier-app.xyz search engine.

Additionally, this browser hijacker has data tracking capabilities, which are employed to monitor users' browsing activity. Due to the dubious tactics used to distribute Magnifier Search, it is also classified as a Potentially Unwanted Application (PUA).

What kind of malware is Recoverydatas?

Recoverydatas belongs to the Scarab ransomware family. Ransomware is a form of malware that encrypts and renames victims' files and generates ransom messages. Recoverydatas creates the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file (ransom message) in all folders that contain encrypted files.

It renames files by replacing their filenames with a string of random characters and appending the ".recoverydatas" extension. For example, "1.jpg" is renamed to "33HDmWN1UfpNQk.recoverydatas", "2.jpg" to "45LQPmER6OgjMGl.recoverydatas", and so on.

What is Agho ransomware?

Agho is a malicious program belonging to the Djvu ransomware family. It is designed to encrypt data and demand payment for decryption tools/software. During the encryption process, all affected files are appended with the ".agho" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.agho" following encryption.

After this process is complete, ransom messages within "_readme.txt" files are dropped into compromised folders.

What is UpdateDecrypter ransomware?

UpdateDecrypter is malicious software classified as ransomware. Malware of this type typically encrypts the files of infected systems and/or locks the device's screen - criminals then demand ransoms for decryption tools and to restore access. UpdateDecrypter operates by encrypting data and changing filenames and the desktop wallpaper.

During the encryption process, all affected files are appended with the ".crypt" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.crypt", "2.jpg" as "2.jpg.crypt", and so on.

UpdateDecrypter is a decryptable ransomware with a decryption password of "password" (without the quotation marks). Should victims need the decrypter, they can contact us via Twitter.

What is FUSION?

Discovered by Michael Gillespie, FUSION is a malicious program and part of the Nefilim ransomware family. This program is designed to rename encrypted files by adding the ".FUSION" extension. For example, "1.jpg" is renamed to "1.jpg.FUSION", "2.jpg" to "2.jpg.FUSION", and so on.

It also creates the "FUSION-README.txt" text file (ransom message) in all folders that contain encrypted files. This file contains instructions about how to contact the cyber criminals behind FUSION.