Virus and Spyware Removal Guides, uninstall instructions

What is the "FBI CRIMINAL INVESTIGATION" scam?

"FBI CRIMINAL INVESTIGATION" is a scam promoted on various deceptive websites. These sites have been observed being promoted via azurewebsites.net, however, not exclusively. This scam claims that users' devices have been locked, due to content detected on them being in violation of US federal law.

Additionally, this illegal material is apparently dangerous and can cause serious issues. Therefore, users are urged to contact fake Google support. Note that all of the information provided by the "FBI CRIMINAL INVESTIGATION" scheme is false. Furthermore, this scam is in no way associated with the Federal Bureau of Investigation (FBI) or Google LLC.

Most users access deceptive web pages unintentionally - they are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on their systems.

What is the "You received a transfer in the amount" scam email?

"You received a transfer in the amount" is a spam email campaign. The term "spam campaign" is used to define a large-scale operation, during which thousands of deceptive/scam emails are sent. The messages sent in this campaign claim that an unspecified sum has been transferred to users. These emails promote various untrusted and possibly malicious websites.

What is the broindifferd[.]club site?

broindifferd[.]club is a rogue website designed to present visitors with dubious content and/or redirect them to other untrusted or possibly malicious web pages. The site shares many similarities with check-you-robot.site, onlybestpushnews.com, c-emoney.com, mop-news2.club and countless others.

Users rarely access broindifferd[.]club or similar web pages intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs).

These apps do not need explicit user consent to be installed onto systems. Following successful infiltration, PUAs cause redirects, deliver intrusive ad campaigns and collect data relating to browsing activity.

What is AllConvertersSearch?

AllConvertersSearch is a browser hijacker, which operates by making alterations to browser settings to promote allconverterssearch.com (a fake search engine). Additionally, this browser hijacker has data tracking capabilities, which are employed to monitor users' browsing activity.

Due to the dubious techniques used to proliferate AllConvertersSearch, it is classified as a Potentially Unwanted Application (PUA).

What kind of malware is Silvertor ransomware?

Discovered by Karsten Hahn, Silvertor is malicious software classified as ransomware. During the encryption process, all affected files are appended with the ".silvertor" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.silvertor" following encryption.

After this process is complete, a ransom message within the "README.html" file is created, which is automatically opened following system restart. Additionally, a pop-up window, containing a different message is displayed after each time the system is restarted.

What is the Billy's Apocalypse ransomware?

Billy's Apocalypse is a malicious program, which is identical to Black Claw ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all of the affected files are appended with the ".apocalypse" extension.

For example, a file originally named "1.jpg" would appear as "1.jpg.apocalypse" following encryption. After this process is complete, ransom messages are created in "RECOVER YOUR FILES.txt" and "RECOVER YOUR FILES.hta" files, which are dropped into compromised folders.

What is searchmulty.com?

searchmulty.com is a fake search engine that falsely claims to enhance the browsing experience by generating improved results and providing quick access to dozens of popular websites (such as YouTube, Facebook, Instagram, eBay, and so on).

These claims often trick users into believing that searchmulty.com is legitimate and useful, however, developers proliferate this site using various browser-hijacking downloaders/installers. Furthermore, this website records data relating to browsing activity.

What is ConvertrzSearch browser hijacker?

ConvertrzSearch is a browser hijacker designed to modify browser settings to promote a fake search engine (ConvertrzSearch promotes convertrz-search.com in this manner). Additionally, this browser hijacker has data tracking capabilities, which are used to monitor browsing activity.

Due to the dubious methods employed to proliferate ConvertrzSearch, it is classified as a Potentially Unwanted Application (PUA).

What is CCHH ransomware?

CCHH is a malicious program, which is part of the GlobeImposter ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools/software. During the encryption process, all affected files are appended with the ".CCHH" extension.

For example, following encryption, a file like "1.jpg" would appear as "1.jpg.CCHH", "2.jpg" as "2.jpg.CCHH", and so on. After this process is complete, ransom messages within "Decryptin INFO.html" files are dropped into compromised folders.

What is Nile ransomware?

Nile ransomware is malicious software belonging to the Djvu ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, all of the compromised files are appended with the ".nile" extension.

For example, a file originally titled "1.jpg" would appear as "1.jpg.nile" following encryption. Once this process is complete, ransom messages within "_readme.txt" files are created and dropped into affected folders.