Virus and Spyware Removal Guides, uninstall instructions

What is AnalyzerSource?

AnalyzerSource functions as adware and a browser hijacker. I.e., it serves advertisements and changes certain browser settings to promote a fake search engine. Apps such as AnalyzerSource collect browsing-related and other data.

Typically, users download and install these apps inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is DominantMapper?

DominantMapper is an adware-type app with browser hijacker characteristics. Therefore, following successful installation, it delivers intrusive advertisement campaigns and makes alterations to browser settings in order to promote fake search engines. Additionally, most adware-type apps and browser hijackers gather browsing-related information.

Due to the dubious techniques used to proliferate DominantMapper, it is also classified as a PUA (Potentially Unwanted Application).

What kind of malware is Bird Miner?

Bird Miner is malicious software that uses computer resources to mine cryptocurrency via emulation. Research shows that it runs two miners and, therefore, it consumes extensive resources. Cyber criminals distribute Bird Miner using an installer for a 'cracked' (pirated) version of ValhallaVintageVerb software.

What is FLYU ransomware?

Discovered by Jakub Kroustek, FLYU is a malicious program, which is part of the Dharma ransomware family. This malware is designed to encrypt data and demand payment for decryption.

During the encryption process, all affected files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address, and the ".FLYU" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[yourfiles1@tutanota.com].FLYU" after encryption.

Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is search.productivebrowser.com?

search.productivebrowser.com is the address of a fake search engine. Generally, these sites are promoted through potentially unwanted applications (PUAs) classified as browser hijackers, adware-type apps. Apps of this type promote fake search engines by changing browser settings and hijacking browsers.

They are classified as PUAs because, in most cases, users download and install them inadvertently.

What is mommaskids[.]com?

mommaskids[.]com is a rogue website designed to present visitors with dubious material and/or redirect them to other bogus or possibly malicious web pages. There are thousands of sites similar to mommaskids[.]com on the web including, for example, thedailynews.report, directbase.ru, yourtopnews.com, and news-back.net.

Users rarely access these web pages intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into their devices. This software does not need explicit user consent to be installed onto systems.

PUAs operate by causing redirects, running intrusive ad campaigns, and collecting browsing-related information.

What is Moss?

Moss belongs to a ransomware family called Djvu. It encrypts files, modifies their filenames by appending its extension, and creates the "_readme.txt" file (the ransom message with instructions about how to contact the developers and other details) in all folders that contain encrypted files.

Moss appends the ".moss" extension to the filenames of encrypted files. For example, "1.jpg" is renamed to "1.jpg.moss", "2.jpg" to "2.jpg.moss", and so on.

What is searchgoose.com?

Searchgoose.com is the address of a fake search engine. Most fake search engines are promoted by unwanted applications that are classified as browser hijackers. Therefore, if a browser opens searchgoose.com, this indicates that a browser hijacker is installed on it. Most users download and install them inadvertently.

What is the Covid stealer?

Covid is malicious software classified as a 'stealer'. As the classification implies, this malware steals information. Stealers can employ various functionality to stealthily obtain data from infected systems. This Covid malware is highly dangerous, and thus infections must be eliminated immediately upon detection.

What is thedailynews[.]report?

thedailynews[.]report is a rogue website sharing many similarities with yourtopnews.com, news-back.net, locompany.club, and countless others. Visitors to this site are presented with dubious content and/or are redirected to other untrusted or possibly malicious web pages.

Typically, these sites are accessed via redirects caused by intrusive advertisements or by Potentially Unwanted Applications (PUAs) already infiltrated into the system. This software does not need explicit user consent to be installed on the device. PUAs cause redirects, deliver intrusive ad campaigns and collect browsing-related information.