Virus and Spyware Removal Guides, uninstall instructions

What is PDFt Search?

PDFt Search is rogue software classified as a browser hijacker. Following successful installation, it makes modifications to browser settings to promote find.pdftsearch.net (a fake search engine). PDFt Search also adds the "Managed by your organization" feature to Google Chrome browsers.

Most browser hijackers monitor users' browsing activity, and PDFt Search is no exception to this. Due to the dubious techniques used to proliferate PDFt Search, it is also classified as a Potentially Unwanted Application (PUA).

What is See_read_me?

See_read_me is a new variant of Adhubllka ransomware. This particular variant was discovered by xiaopao. It encrypts files, modifies their filenames and creates a ransom message. See_read_me renames files by appending the ".see_read_me" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.see_read_me", "2.jpg" to "2.jpg.see_read_me", etc. Instructions about how to contact the developers can be found in the "Read_Me.txt" text file, which See_read_me drops in all folders that contain encrypted files.

What is cpmlink[.]net?

Cpmlink[.]net is an untrusted website offering URL (website address) shortening services. This site uses rogue advertising networks and, therefore, visitors to cpmlink[.]net might be presented with dubious advertisements and redirected to other bogus and even malicious websites.

These unwanted ads and untrusted websites pose a significant threat to device and user safety. Therefore, you are strongly advised against visiting and/or using cpmlink[.]net.

What is 404 Keylogger?

404 Keylogger is software designed to record key strokes, recover account passwords and otherwise monitor users' activity. 404 Keylogger is promoted as a legitimate tool for various businesses and for companies to track client/customer activity (with consent) and an "educational" tool to aid learning about keyloggers.

Note that this type of software is very popular amongst cyber criminals. Certain promoted features such as anti-detection and anti-analysis capabilities are suspicious and suggest that 404 Keylogger is also intended for malicious use.

What is RAGNAROK (.thor)?

RAGNAROK (.thor) is a new variant of Ragnarok ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with a random character string and the ".thor" extension.

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.E6FBF.thor" following encryption. After this process is complete, ransom messages within "!!Read_me_How_To_Recover_My_Files.html" files are dropped into compromised folders.

What is Default Search?

Default Search hijacks web browsers by modifying certain settings (assigning them to find.defaultsearch.info). In this way, it promotes a fake search engine. If installed on Google Chrome, Default Search adds the "Managed by your organization" feature as well.

Additionally, this browser hijacker collects various data. Users often download and install Default Search and similar apps inadvertently and, therefore, they are classified as potentially unwanted applications (PUAs).

What is the Memorama hack scam?

Memorama is a game designed for people who wish to improve their memorization skills. It uses an in-game currency called Cristales, a certain sum of which can be purchased using the Memorama in-app purchase feature. In fact, there are various websites offering to generate Cristales free of charge.

This particular website supposedly functions as the Memorama Online Generator, and yet this is a deceptive website designed by scammers who attempt to trick visitors into providing various personal information.

What is MarketService?

MarketService is an adware-type application with browser hijacker traits. Following successful installation, it delivers intrusive advertisement campaigns, makes modifications to browser settings and promotes fake search engines. MarketService promotes 6v5f3l.com on Safari browsers and search.locatorunit.com on Google Chrome browsers.

Additionally, most adware-type apps and browser hijackers have data tracking capabilities, which are used to monitor users' browsing activity. Due to the dubious techniques used to proliferate MarketService, it is also classified as a Potentially Unwanted Application (PUA).

One of the dubious methods used for this app is proliferation via fake Adobe Flash Player updates. Furthermore, bogus software updaters/installers spread PUAs, Trojans, ransomware and other malware as well.

What is RedDelta?

RedDelta is the name of a threat activity group targeting the Vatican and Catholic Church-related, and some non-governmental, organizations. Research shows that the group uses malware variants for their attacks, one of which is a modified variant of PlugX referred to as RedDelta PlugX. Other known malware variants used in RedDelta attacks are Cobalt Strike and Poison Ivy.

What is charmsearching.com?

charmsearching.com is the address of a fake search engine. These bogus web search engines are usually promoted by Potentially Unwanted Applications (PUAs), classified as browser hijackers. This software operates by making modifications to browser settings to promote fake search tools (including charmsearching.com).

Additionally, most browser hijackers and bogus search engines have data tracking capabilities, which are used to monitor users' browsing habits.