Virus and Spyware Removal Guides, uninstall instructions

What is pushmoder[.]com?

Users are often forced to visit pushmoder[.]com, since these sites are opened by potentially unwanted applications (PUAs), which people have installed onto their browsers and/or computers inadvertently. Commonly, PUAs serve ads and collect data. They are classified as PUAs because users do not download or install them intentionally.

Some examples of other web pages similar to pushmoder[.]com include espublicaldru[.]info, doswinuba[.]com and vildq[.]com.

What is critical-alert[.]info?

Sharing many similarities with espublicaldru.info, doswinuba.com, vildq.com and thousands of others, critical-alert[.]info is a rogue website. Visitors are presented with dubious content and/or are redirected to other dubious or possibly malicious pages.

Few users access these web pages intentionally - most are redirected to them by intrusive ads or by Potentially Unwanted Applications (PUAs). These apps do not need explicit user consent to be installed onto systems. PUAs cause redirects, run intrusive advertisement campaigns and gather browsing-related information.

What is WebNewSearch?

WebNewSearch is a potentially unwanted application (PUA), which functions as adware and a browser hijacker: it serves advertisements and promotes the address of a fake search engine. Additionally, it might be designed to collect data. Apps like WebNewSearch are classified as PUAs because, in most cases, users download and install them unintentionally.

Note that WebNewSearch is distributed via a fake installer disguised as the installer for the official Adobe Flash Player.

What is Easy2Lock?

Easy2Lock prevents victims from accessing/using their files by encryption, renames the files, and creates a ransom message for each encrypted file. It renames files by appending the ".easy2lock" extension. For example, "1.jpg" is renamed to "1.jpg.easy2lock", "2.jpg" to "2.jpg.easy2lock", and so on.

The ransom message for the "1.jpg.easy2lock" file is named "1.jpg.easy2lock_read_me", and for the "2.jpg.easy2lock" file, "2.jpg.easy2lock_read_me", and so on.

What is MadDog ransomware?

Discovered by Michael Gillespie, MadDog is a ransomware-type malicious program. It is based on the Hidden Tear (HiddenTear) open-source project. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption.

When MadDog encrypts, all affected files are renamed following this pattern: original filename, unique ID, cyber criminals' email address and the ".MadDog" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-AZNZZD09.[maddogteam@airmail.cc].MadDog" following encryption.

After this process is complete, ransom messages are created in a pop-up window ("info.hta") and "FILES ENCRYPTED.txt" text file.

What is espublicaldru[.]info?

Generally, users do not visit pages such as espublicaldru[.]info intentionally - they are opened by browsers that have potentially unwanted applications (PUAs) installed on them. PUAs are designed to open sites such as espublicaldru[.]info, serve advertisements, and collect data.

They are classified as PUAs, since users often download and install them inadvertently. Note that there are many similar sites on the web including, for example, doswinuba[.]com, vildq[.]com and oritychiev[.]top.

What is Efji?

Efji is ransomware-type malware belonging to the Djvu ransomware family. Efji encrypts files, changes their filenames by appending its extension, and creates the "_readme.txt" file in folders that contain encrypted data. Efji appends the ".efji" extension to files. For example, "1.jpg" is renamed to "1.jpg.efji", "2.jpg" to "2.jpg.efji", and so on.

What is Erica Encoder?

Erica Encoder is one of many ransomware-type programs. It encrypts data, renames each encrypted file and creates a ransom message. Names of all encrypted files are changed to a string of random characters. For example, "1.jpg" might appear similar to "R29vZ24lIENocm9tZS5s3ms9.qgazlb".

Erica Encoder creates a text file named "HOW TO RESTORE ENCRYPTED FILES.TXT" containing the ransom message.

What is vildq[.]com?

vildq[.]com is an untrusted website, which shares many similarities with oritychiev.top, ritishdeliv.top, a1-nerdhut.com, belighterservice.com and thousands of others. The site presents visitors with dubious content and/or redirects them to other untrusted or possibly malicious web pages.

Few users access these web pages intentionally - most are redirected to them by intrusive ads or by Potentially Unwanted Applications (PUAs) already installed on their devices. This software does not need express user consent to be infiltrated into systems. PUAs operate by causing redirects, running intrusive advertisement campaigns and monitoring users' browsing activity.

What is oritychiev[.]top?

Generally, users do not visit these websites intentionally - they are force-opened by potentially unwanted applications (PUAs) installed on browsers. These rogue apps also serve ads and collect data. They are classified as PUAs, since, in most cases, users download and install them inadvertently.

Note that oritychiev[.]top is not the only website promoted via PUAs. Some more examples are cpmlink[.]net and hilanfavouris[.]top and ritishdeliv[.]top.