Virus and Spyware Removal Guides, uninstall instructions

What is HDConverterSearch?

HDConverterSearch is dubious software endorsed as a tool capable of improving web searches. In fact, it operates by making alterations to browser settings to promote hdconvertersearch.com (a bogus search engine). Therefore, HDConverterSearch is categorized as a browser hijacker.

Additionally, it possesses data tracking capabilities, which are used to collect information relating to browsing activity. Since most users install HDConverterSearch inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is AB89?

AB89 is part of the Matrix ransomware family and was discovered by Michael Gillespie. Typically, malware of this type is designed to encrypt files, modify their filenames and create and/or display ransom messages.

AB89 renames encrypted files by replacing their filenames with the AdamBrown89@criptext.com email address, a string of random characters and appending the ".AB89" extension.

For example, it would rename "1.jpg" to "[AdamBrown89@criptext.com].COel9CRH-UwxXSDcd.AB89", "2.jpg" to "[AdamBrown89@criptext.com].GUel6TKO-UbgAFPdc.AB89", and so on. A ransom message created by AB89 can be found in all folders that contain encrypted files - this is within a text file named "AB89_INFO.rtf".

What is "Social network hacks"?

"Social network hacks" is a large-scale scam promoted through several different campaigns. This scheme is disguised as providing resources for hacking social networking/media and service (e.g. streaming) accounts.

The "hacking tools" are supposedly capable of hijacking Facebook, Instagram, WhatsApp, Snapchat, TikTok and Netflix accounts (possibly, those of other large platforms as well). These "resources" were observed being promoted via compromised official websites, where they were presented as hacking articles.

Another technique was the injection of these scam articles into the topmost Google search engine results when a directly or tangentially-related query was searched. The deceptive articles redirected to various harmful sites, which endorsed malware under the guise of "hacking tools", requested personal and financial information (i.e phishing) or otherwise misused users' trust.

Note that web pages associated with or similar to the "Social network hacks" scam are often unintentionally accessed through redirects caused by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

What is AnyConverterSearch?

AnyConverterSearch is a browser hijacker, which changes certain browser settings to portal.anyconvertersearch.com or feed.anyconvertersearch.com (addresses of fake search engines).

Commonly, apps of this type collect browsing-related data as well. Browser hijackers are categorized potentially unwanted applications (PUAs), since users often download and install them inadvertently.

What is Protomolecule?

This malware belongs to the Scarab ransomware family and was discovered by xiaopao. Protomolecule ransomware encrypts files and renames each by replacing the filename with a string of random characters, and replacing the extension with ".protonmolecule@gmx.us".

For example, it would rename a file such as "1.jpg" to "2g0000000009GIRwwFPSWdP1Df4D8c4n.protomolecule@gmx.us", "2.jpg" to "2w0000000003EYSddFPSWdU3Of5F4b9o.protomolecule@gmx.us", and so on. Protomolecule also creates a ransom message within a text file named "HOW TO RECOVER ENCRYPTED FILES".

It drops this file in all folders that contain encrypted files.

What is SearchProConverter?

SearchProConverter is a browser hijacker designed to modify browsers to promote searchproconverter.com (a fake search engine). Additionally, this browser hijacker also has data tracking capabilities, which are employed to monitor users' browsing activity.

Due to the dubious methods used to proliferate SearchProConverter, it is classified as a Potentially Unwanted Application (PUA).

What is Boi Tab?

When visited, searches.club redirects to various other dubious websites, depending on users' geolocations. Research shows that searches.club appears in browser settings when the Boi Tab app is installed, however, other apps might also promote it.

Applications that promote rogue addresses (mostly fake search engines) by changing browser settings are classified as browser hijackers. Commonly, users download and install these apps inadvertently and, therefore, Boi Tab and others are classified as potentially unwanted applications (PUAs).

What is AW46 ransomware?

AW46 is a malicious program belonging to the Matrix ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption keys/tools.

During the encryption process, all affected files are renamed following this pattern: "[alexwind46@yahoo.com].[random-string].AW46", which consists of the cyber criminals' email address, a string of random characters and the ".AW46" extension.

For example, a file originally named "1.jpg" would appear as something similar to "[alexwind46@yahoo.com].tV1MsGcR-vVr9KMQL.AW46" following encryption. After this process is complete, ransom-demand messages are created in "!AW46_INFO!.rtf" files, which are dropped into compromised folders.

What is Ment?

Ment is a malicious program belonging to the TomNom ransomware family. It prevents victims from accessing their files by encryption. It also changes the filenames of encrypted files by appending the ".ment" extension. For example, a file named "1.jpg" would be changed to "1.jpg.ment", "2.jpg" to "2.jpg.ment", and so on.

Instructions about how to contact cyber criminals behind this ransomware can be found in the text file named "Desktop-HOW-TO-DECRYPT.txt".

What is "Ptt Email Virus"?

Typically, cyber criminals behind malspam campaigns such as this attempt to deceive recipients into executing (opening) a malicious file, which is attached to the email (or downloaded from a website). This particular email is disguised as a message from the Turkish post company (Ptt) and used to distribute a malicious Remote Access Trojan (RAT) called Agent Tesla.