Virus and Spyware Removal Guides, uninstall instructions

What is A3C9N?

A3C9N is a part of the Snatch ransomware family. Cyber criminals designed it to encrypt files, rename them and create a ransom message. 

A3C9N renames encrypted files by appending the ".a3c9n" extension (e.g., it renames "1.jpg" to "1.jpg.a3c9n", "2.jpg" to "2.jpg.a3c9n", etc.), and creates the "RESTORE_A3C9N_FILES.txt" ransom message in all folders that contain encrypted files.

What is VuLi ransomware?

VuLi is a part of the Xorist ransomware family. Like other malicious programs of this type, it is designed to encrypt files, append its extension to filenames and create a ransom message. VuLi appends the ".VuLi". extension. For example, it would rename "1.jpg" to "1.jpg.VuLi", "2.jpg" to "2.jpg.VuLi", and so on.

It also creates the "HOW TO DECRYPT FILES.txt" text file (ransom message) in all folders that contain encrypted data. Additionally, VuLi changes the desktop wallpaper and displays a pop-up window with instructions about how to pay the ransom.

What is ThiefBot?

ThiefBot is malicious software, which targets Android OS (Operating System) versions 4 through 10. This malware has various functionality. Its main features include SMS manipulation and exploitation of system/application vulnerabilities. ThiefBot is classified as a dangerous program, and as such, its infections must be eliminated immediately upon detection.

What is SearchGames4U?

SearchGames4U changes certain browser settings to promote searchgames4u.com (a fake search engine). Additionally, it might be designed to gather information relating to web browsing activity. In most cases, users download and install browser hijackers inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is the Eur ransomware?

Eur is a malicious program belonging to the Dharma ransomware family. It is designed to encrypt data and demand ransoms for decryption. During the encryption process, all affected files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".eur" extension.

For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[decrypt@europe.com].eur" following encryption. Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" file.

What is SignalBalance?

SignalBalance serves advertisements, collects sensitive information and changes certain browser settings to z6airr.com or adjustablesample.com. This app essentially functions as adware and a browser hijacker. Typically, users do not download or install SignalBalance or similar apps intentionally and, therefore, they are classified as potentially unwanted applications (PUAs).

What is NewVideoSearch?

NewVideoSearch is rogue software classified as a browser hijacker. Following successful installation, it makes changes to browser settings to promote newvideo-search.com (a bogus search engine). This browser hijacker also monitors users' browsing activity and gathers vulnerable data extracted from it.

Due to the dubious methods used to proliferate NewVideoSearch, it is classified as a Potentially Unwanted Application (PUA).

What is B888?

B888 belongs to the family of ransomware called Matrix. This ransomware encrypts files, modifies their filenames and creates the "!B888_INFO!.rtf" file (ransom message) in all folders that contain encrypted data. B888 renames files by replacing their filenames with the billwong73@yahoo.com email address, a string of random characters and appending the ".B888" extension.

For example, it would change a file named "1.jpg" to "[billwong73@yahoo.com].4elvmvPN-c7YATGkr.B888", "2.jpg" to "[billwong73@yahoo.com].6dpbnxGF-ct8AGOour.B888", and so on.

What is Cposysrzk ransomware?

Cposysrzk is a malicious program belonging to the Snatch ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".cposysrzk" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.cposysrzk" following encryption. After this process is complete, ransom-demand messages in "HOW TO RESTORE YOUR FILES.TXT" files are dropped into compromised folders.

What is HDMusicSearches?

HDMusicSearches is a browser hijacker designed to promote hdmusicsearches.com, a fake search engine. Generally, these apps achieve this by changing certain browser settings. Most also collect details relating to users' browsing habits (browsing data).

HDMusicSearches and other similar apps are categorized as potentially unwanted applications (PUAs), since people often download and install them unintentionally.