Virus and Spyware Removal Guides, uninstall instructions

What is LogarithmicEntry?

LogarithmicEntry functions not only as adware (advertising-supported software) but also as a browser hijacker. It serves advertisements and promotes the address of a fake search engine by modifying certain browser settings. It might also be capable of collecting browsing-related or even sensitive information.

Typically, users download and install apps such as LogarithmicEntry inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is Viper ransomware?

Viper is a malicious program classified as ransomware. It is based on the Hidden Tear (HiddenTear) open-source project. Systems infected with Viper ransomware experience data encryption and users receive ransom demands for decryption.

During the encryption process, all affected files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address and the ".Viper" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id=C279F237.email=ancrypted1@gmail.com.Viper" following encryption.

After this process is complete, a ransom message in the "how to recover my files.hta" file is created.

What is Fake Google Docs Extension?

This application has nothing to do with the official, legitimate Google Docs extension. It is classified as adware and designed to promote various dubious websites. The initial redirects caused by this adware typically start with the "blob:https://p6vh.com" website which, in turn, redirects elsewhere.

The list of websites that this rogue extension redirects to also includes check.qualitychecker.net and ppae8oe4eku9.com. Additionally, after installation, this app adds the "Managed by your organization" feature to Chrome browsers. Research shows that this adware-type app is distributed using a 'cracking' tool designed to illegally activate licensed software.

What is oceanbefo[.]top?

oceanbefo[.]top is a rogue website sharing many similarities with newscatch24.com, rex-news.org, samizdat-philosophy.com and thousands of others. Once accessed, this site presents visitors with dubious content and/or redirects them to other untrusted or possibly malicious web pages.

Few users access oceanbefo[.]top intentionally - most are redirected to it by intrusive ads or by Potentially Unwanted Applications (PUAs) already infiltrated into their devices. These apps do not need express user permission to be installed onto systems. PUAs cause redirects, run intrusive ad campaigns and collect browsing-related information.

What is rdsb2[.]club?

Sharing many similarities with hesterinoc.info, cicort.com, overiesarticu.info and countless others, rdsb2[.]club is a rogue website. It presents visitors with dubious content and/or redirects them to other untrusted, deceptive or malicious pages.

Typically, users access rdsb2[.]club and similar sites through redirects caused by intrusive advertisements or Potentially Unwanted Applications (PUAs). Note that these apps do not need explicit permission to infiltrate systems. PUAs cause redirects, run intrusive ad campaigns and track browsing-related data.

What is redneckrepairs[.]com?

Typically, users do not open pages such as redneckrepairs[.]com intentionally - they are opened automatically by browsers with potentially unwanted applications (PUAs) installed on them. Apps of this type are designed to promote sites such as redneckrepairs[.]com, serve advertisements, and collect data.

Some examples of other sites similar to redneckrepairs[.]com are ahacdn[.]me, newscatch24[.]com and rex-news[.]org.

What is MagicMovieSearch?

MagicMovieSearch is rogue software categorized as a browser hijacker. It operates by making changes to browser settings to promote magicmoviesearch.com (a fake search engine). Additionally, most browser hijackers have data tracking capabilities, which are employed to monitor users' browsing activity.

Due to the dubious techniques used to proliferate MagicMovieSearch, it is also classified as Potentially Unwanted Application (PUA).

What is ahacdn[.]me?

ahacdn[.]me is virtually identical to many other pages of this kind including, for example, rex-news[.]org, samizdat-philosophy[.]com and revoluciondron[.]com. Generally, users do not visit these pages willingly - they are opened by browsers that have potentially unwanted applications (PUAs) installed on them.

These sites are also promoted via deceptive ads and other dubious web pages. Note that PUAs promote sites such as ahacdn[.]me, collect data, and serve ads. They are classified as PUAs because most users do not download or install them intentionally.

What is LearningActivity?

LearningActivity is an adware-type application with browser hijacker traits. Following successful installation, it delivers intrusive ad campaigns and makes modifications to browser settings to promote bogus search engines. Additionally, most adware-type apps and browser hijackers collect browsing-related information.

Since most users download/install LearningActivity inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is LCK ransomware?

LCK is a malicious program belonging to the Dharma ransomware family. This particular program encrypts files, renames them, displays a pop-up window, and creates the "FILES ENCRYPTED.txt" text file. LCK renames files by adding the victim's ID, triplock@tutanota.com email address and ".LCK" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[triplock@tutanota.com].LCK", "2.jpg" to "2.jpg.id-C279F237.[triplock@tutanota.com].LCK", etc. The "FILES ENCRYPTED.txt" file and pop-up window displayed by LCK include ransom messages that contain instructions about how to contact the developers.