Virus and Spyware Removal Guides, uninstall instructions

What is Gold ransomware?

Gold is the name of a malicious program belonging to the Dharma ransomware group. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".gold" extension.

For example, a file called "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[goldmind@tuta.io].gold" after encryption. Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is ExploreParameter?

ExploreParameter is an adware-type app with browser hijacker traits. Following successful installation, it runs intrusive advertisement campaigns (i.e. delivers ads), makes modifications to browser settings and promotes fake search engines. ExploreParameter promotes 0yrvtrh.com on Safari browsers, and search.adjustablesample.com on Google Chrome browsers.

Additionally, most adware and browser hijackers monitor users' browsing habits and collect data of interest. Since users typically download/install ExploreParameter inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is Error (Dharma)?

Like most malicious programs of this type, Error ransomware is designed to encrypt files, rename them and provide victims with instructions about how to contact the developers. It belongs to the family of ransomware-type programs called Dharma.

Error renames encrypted files by adding the victim's ID, datahelp@techmail.info email address and appending the ".error" extension to filenames.

For example, it would rename "1.jpg" to "1.jpg.id-C279F237.[datahelp@techmail.info].error", "2.jpg" to "2.jpg.id-C279F237.[datahelp@techmail.info].error", etc. It also creates the "FILES ENCRYPTED.txt" text file and displays a pop-up window, both of which are ransom messages.

What is the Arena ransomware?

Arena is a malicious program and part of the Dharma ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, all affected files are renamed following this pattern: original filename, unique ID, cyber criminals' email address and the ".arena" extension.

For example, a file named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[Macgregor@aolonline.top].arena" following encryption. Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is GeneralBoardSearch?

GeneralBoardSearch is designed to display advertisements and promote the address of a fake search engine by modifying certain browser settings. This app is classified as adware and a browser hijacker.

In most cases, users download and install apps of this type inadvertently and, for this reason, GeneralBoardSearch is categorized as a potentially unwanted application (PUA). Note that apps such as GeneralBoardSearch can also gather browsing data. Research shows that this app is distributed through a deceptive installer, which supposedly installs Adobe Flash Player.

What is StreamLim?

StreamLim is a browser hijacker designed to modify browser settings to promote streamlim.com (a fake search engine). Additionally, most browser hijackers have data tracking capabilities, which are used to monitor browsing activity. Due to the dubious proliferation techniques of StreamLim, it is also classified as a Potentially Unwanted Application (PUA).

What is the Proton malware?

Proton is a malicious program classified as a Remote Access Trojan (RAT). This type of malware enables remote access and control over an infected device. RATs are capable of allowing close to or user-level control over a machine. These Trojans have a wide variety of malicious capabilities, which can be used in likewise varied ways.

Proton has been observed being distributed under the guise of the "Symantec Malware Detector" anti-virus application, however, this RAT might be disguised as or bundled with other products, even legitimate sites with genuine Apple code-signing signatures (i.e. certificates). Proton malware is no way associated with NortonLifeLock Inc. (formerly known as Symantec).

What is the Ultra Tab browser hijacker?

Ultra Tab is rogue software endorsed as improving web searching and browsing in general. In fact, Ultra Tab is categorized as a browser hijacker. It operates by making modifications to browser settings to promote ultra-search1.com (a fake search engine).

Additionally, this browser hijacker has data tracking capabilities, which are employed to collect browsing-related information. Since most users install Ultra Tab inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is "Windows has encountered a problem"?

Users often end up seeing this blue window on their computer screens (stating that Windows has encountered a problem) after executing a malicious file, which prevents them from accessing Windows by locking the screen. This happens after installation of malware programs classified as 'screen lockers'.

Research shows that this malware is capable of accessing the webcam, which allows cyber criminals to observe their victims (and anything else in view) while the infected computer is turned on.

What is ProgramInitiator?

ProgramInitiator adware feeds users with various advertisements and functions as a browser hijacker. It promotes addresses of fake search engines (z6airr.com and adjustablesample.com) by modifying certain browser settings. This adware can read various sensitive information from websites.

Note that users often download and install adware (and browser hijackers) inadvertently. For this reason apps such as ProgramInitiator are categorized as potentially unwanted applications (PUAs).