Virus and Spyware Removal Guides, uninstall instructions

What is Zes ransomware?

Zes is a ransomware-type malicious program designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are renamed according to this pattern: original filename, unique ID, cyber criminals' email address and the ".zes" extension.

For example, a file such as "1.jpg" would appear as something similar to "1.jpg.[E38D7F03].[johncastle@msgsafe.io].zes" following encryption. Once this process is complete, ransom messages named "readme-warning.txt" are dropped into compromised folders.

What is RS ransomware?

RS is a malicious program, which belongs to the MedusaLocker ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, files are appended with the ".RS" (or either ".rs" in lowercase) extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.RS", "2.jpg" as "2.jpg.RS", and so on for all compromised files. Once this process is complete, ransom messages within "Recovery_Instructions.html" files are dropped into affected folders.

What is the Dll-Files Fixer PUA?

Much as the name implies, Dll-Files Fixer is software endorsed as a tool capable of fixing DLL file errors, thereby improving system performance. Due to the dubious techniques used to proliferate this app, however, it is classified as a Potentially Unwanted Application (PUA).

This category contains questionably marketed and distributed products, yet this software is often nonoperational and/or has additional functionality that is not listed.

What is BitRansomware?

Discovered by 3xp0rt, BitRansomware is malicious software classified as ransomware. This malware is designed to encrypt data and demand payment for decryption tools. During the encryption process, all compromised files are appended with the ".readme" extension.

For example, a file such as "1.jpg" would appear as "1.jpg.readme", "2.jpg" as "2.jpg.readme", and so on. After this process is complete, ransom messages within "Read_Me.txt" files are dropped into affected folders.

What is InitiatorField?

InitiatorField is rogue software classified as adware with browser hijacker traits. Following successful installation, it delivers intrusive advertisement campaigns and makes modifications to browser settings to promote a fake search engine. InitiatorField promotes 0yrvtrh.com in this way. 

Additionally, adware and browser hijackers often monitor users' browsing activity. Due to the dubious techniques used to promote this app, it is classified as a Potentially Unwanted Application (PUA). One of the dubious methods employed in InitiatorField's distribution is proliferation via bogus Adobe Flash Player updates.

Note that fake software updaters/installers are used to distribute not just PUAs but also Trojans, ransomware and other malware.

What is the Trump ransomware?

Discovered by xiaopa, Trump is the name of a malicious program belonging to the Scarab ransomware family. This malware is designed to encrypt data and demand payment for decryption. During the encryption process, all compromised files are renamed following this pattern: original filename, cyber criminals' email address in square brackets, and the ".trump" extension.

For example, a file originally named something like "1.jpg" would appear "1.jpg.[levandos@email.cz].trump" following encryption. After this process is complete, ransom messages within "HOW TO RECOVER ENCRYPTED FILES.TXT" files are dropped into affected folders.

What is 4KSportSearch?

4KSportSearch is rogue software classified as a browser hijacker. It modifies browsers to promote 4ksportsearch.com (a fake search engine). Additionally, this browser hijacker monitors/records browsing activity. Since most users install 4KSportSearch unintentionally, it is classified as a Potentially Unwanted Application (PUA).

What is Paradise 4.3.3.0.1 ransomware?

Paradise 4.3.3.0.1 is a malicious program belonging to the Paradise ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with "_sambolero_{victim's_ID}.ero".

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg_sambolero_{2DNnrY}.ero" following encryption. Once this process is finished, ransom messages in files named - "---==%$$$OPEN_ME_UP$$$==---.txt" are dropped into compromised folders.

What is SectionIndexer?

SectionIndexer is an aware-type app with browser hijacker traits. It operates by delivering intrusive advertisements, making alterations to browser settings and promoting fake search engines. SectionIndexer promotes Safe Finder via akamaihd.net in this way.

Due to the dubious tactics employed in SectionIndexer's distribution, it is also categorized as a Potentially Unwanted Application (PUA). Typically, PUAs (adware and browser hijackers included) monitor users' browsing activity and collect sensitive information extracted from it.

What is 0yrvtrh.com?

0yrvtrh.com is a fake search engine. Typically, these bogus search tools are promoted by rogue software classified as browser hijackers. They operate by making modifications to browser settings and restricting/denying access to them. Furthermore, browser hijackers and fake search engines often monitor users' browsing activity.

The 0yrvtrh.com search engine has been observed being promoted by ConnectionIndexer, an adware-type application (which possesses browser hijacker characteristics). Due to the dubious methods used to proliferate adware and browser hijackers, they are classified as Potentially Unwanted Applications (PUAs).