Virus and Spyware Removal Guides, uninstall instructions

What is Zybvqxefmh?

Discovered by S!Ri, Zybvqxefmh ransomware encrypts victims' files and renames them by appending its extension. It also creates the "HOW TO RESTORE YOUR FILES.TXT" text file in folders that contain encrypted files. Zybvqxefmh appends the ".zybvqxefmh" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.zybvqxefmh", "2.jpg" to "2.jpg.zybvqxefmh", and so on. The "HOW TO RESTORE YOUR FILES.TXT" file contains a ransom message with instructions about how to contact Zybvqxefmh's developers plus various other details.

What is Genius Pro?

Genius Pro is rogue software classified as a browser hijacker. Typically, software within this classification operates by making modifications to browser settings to promote fake search engines, however, Genius Pro does not actually alter browser settings - how it promotes tailsearch.com (a fake search engine) depends on users' geolocations.

Additionally, Genius Pro collects browsing-related information. Due to the dubious techniques used to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

What is the You've Been Hacked! email scam?

Commonly, scammers send emails claiming that they have stolen some personal information from people and demand payment in return for not publishing the details. This scam is no exception. These emails should never be trusted or opened.

What is CommonGeneration?

CommonGeneration is an adware-type app with browser hijacker traits. Following successful infiltration, it runs intrusive advertisement campaigns and modifies browser settings to promote fake search engines.

Due to the dubious methods used to proliferate CommonGeneration, it is also classified as a Potentially Unwanted Application (PUA). Most PUAs (adware and browser hijackers included) have data tracking capabilities, which are employed to collect browsing-related information.

What is VideosSearches?

Browser hijackers change certain browser settings to the address of a fake search engine. VideosSearches assigns them to videos-searches.com.

This app also collects browsing data. Generally, users do not download or install browser hijackers intentionally and, for this reason, these apps (including VideosSearches) are categorized as potentially unwanted applications (PUAs).

What is Foqe ransomware?

Foqe is malicious software belonging to the Djvu ransomware group. It is designed to encrypt data and demand payment for decryption. The files stored on the compromised system are rendered inaccessible. During the encryption process, all affected files are appended with the ".foqe" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.foqe", "2.jpg" as "2.jpg.foqe", "3.jpg" as "3.jpg.foqe", and so on. After this process is complete, a ransom message is created in a text file called "_readme.txt".

What is MERIN?

MERIN encrypts files, appends its extension to their filenames and creates ransom messages with instructions about how to contact the developers. This ransomware appends the ".MERIN" extension to the filenames of encrypted files. For example, "1.jpg" is renamed to "1.jpg.MERIN", "2.jpg" to "2.jpg.MERIN", and so on.

It also creates text files named "MERIN-DECRYPTING.txt" in all folders that contain encrypted files. MERIN was discovered by S!Ri and belongs to the ransomware family called NEPHILIM.

What is HDStreamSearch?

HDStreamSearch promotes hdstreamsearch.com (a fake search engine) by changing certain browser settings and collects information relating to users' browsing activities. Note that browser hijackers are classified as potentially unwanted applications (PUAs), since users tend to download and install them inadvertently.

What is Easycool web?

Easycool web is a typical browser hijacker - it changes certain browser settings to the address of a fake search engine (tailsearch.com). Additionally, it can read information relating to users' browsing habits. People often download and install browser hijackers inadvertently and, for this reason, Easycool web is categorized as a potentially unwanted application (PUA).

What is OptimalState?

OptimalState is a rogue application classified as adware. It also possesses browser hijacker traits. This browser hijacker operates by making modifications to browser settings and promotes bogus search engines. On Safari browsers, it promotes d2sri.com, however, it might promote other search engines on different browsers.

Furthermore, most adware-type and browser hijackers can monitor users' browsing activity, which makes them a serious privacy concern. Due to the dubious methods used to proliferate OptimalState, it is classified as a Potentially Unwanted Application (PUA).

One of the distribution techniques employed for OptimalState is proliferation via fake Adobe Flash Player updates. Note that bogus software updaters/installers are used to spread PUAs, Trojans, ransomware and other malware.