Virus and Spyware Removal Guides, uninstall instructions

What is XCrypto?

XCrypto is malicious software categorized as ransomware. It operates by encrypting data and demanding payment for decryption. During the encryption process, all affected files are renamed following this pattern: original filename, unique ID, cyber criminals' email address and the ".XCrypto" extension.

For example, a file like "1.jpg" would appear as something similar to "1.jpg.id=[1E857D00].email=[Supportclown1@protonmail.com]..XCrypto" following encryption. After this process is complete, ransom messages within "how to recover my files.hta" files are dropped into compromised folders.

What is the Imperium Metamorpher RAT?

Imperium Metamorpher is a Remote Access Tool (RAT), however, when programs of this type are used maliciously, they are classified as Remote Access Trojans (RATs). Note that RATs allow remote access and control over an infected machine. Malware of this type can have a broad range of dangerous capabilities, which can be deployed in various ways.

The primary function of Imperium Metamorpher is data theft and botnet creation. This Trojan is highly dangerous software and, therefore, Imperium Metamorpher infections require immediate removal.

What is searchiing.com?

searchiing.com is a bogus search engine. These fake search engines are usually promoted by Potentially Unwanted Applications (PUAs) categorized as browser hijackers. This software operates by making modifications to browsers and monitoring users' browsing activity. Additionally, PUAs do not need explicit user consent to be installed onto devices.

What is EngageSearch?

EngageSearch is an adware-type application with browser hijacker traits. This app is designed to run intrusive advertisement campaigns, make modifications to browsers and promote fake search engines. EngageSearch promotes Safe Finder via akamaihd.net in this manner.

Most software within the adware and browser hijacker categories has data tracking capabilities, which are used to monitor users' browsing activity. Additionally, due to the dubious methods employed to proliferate EngageSearch, it is classified as a Potentially Unwanted Application (PUA).

What is RAGA ransomware?

RAGA is a ransomware-type malicious program. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software.

During the encryption process, all compromised files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address and the ".RAGA" extension. For example, a file such as "1.jpg" would appear as something similar to "1.jpg.[E38D7F03].[tommyraga@aol.com].RAGA" following encryption.

After this process is complete, ransom messages within the "readme-warning.txt" file are dropped into affected folders.

What is AL8G ransomware?

Discovered by xiaopao, AL8G is a malicious program belonging to the Matrix ransomware family. The malware operates by encrypting data and demanding payment for decryption tools/software.

During the encryption process, all affected files are renamed following this pattern: "[AlanRed@criptext.com].[random-string].AL8G", which comprises the cyber criminals' email address, random character string and the ".AL8G" extension.

For example, a file like "1.jpg" would appear as something similar to "[AlanRed@criptext.com].ZPtF762C-lcqg6mhu.AL8G" following encryption. Once this process is finished, ransom-demand messages within "Readme_AL8G.rtf" files are dropped into compromised folders.

What is StreamItSearch?

StreamItSearch is a browser hijacker designed to promote streamit-search.com. Following successful infiltration, this piece of software modifies browser settings to promote a fake search engine (streamit-search.com). Furthermore, StreamItSearch has data tracking capabilities that are used to monitor browsing activity.

Since most users download/install StreamItSearch unintentionally, it is also classified as a Potentially Unwanted Application (PUA).

What is flowEncryption ransomware?

flowEncryption is malicious software, classified as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During encryption process, filenames of affected files are appended with the ".flowEncryption" extension.

For example, a file named something like "1.jpg" would appear as "1.jpg.flowEncryption" following encryption. Once this process is complete, a pop-up window is displayed containing a brief ransom-demand message.

What is SportsHDSearchs?

SportsHDSearch is dubious software categorized as a browser hijacker. Following successful infiltration, it makes modifications to browser settings to promote sportshdearchs.com, a bogus search engine. Additionally, SportsHDSearchs has data tracking capabilities, which are employed to monitor users' browsing habits.

Due to the dubious techniques used to proliferate this browser hijacker, it is also classified as a Potentially Unwanted Application (PUA).

What is EG83 ransomware?

Discovered by xiaopao, EG83 is a malicious program that belongs to the Matrix ransomware family. Systems infected with this malware experience data encryption and ransom demands are made for decryption tools.

During the encryption process, the filenames of affected files are renamed according to this pattern: "[Evagreps83@yahoo.com].[random-string].EG83", which consists of the cyber criminals' email address, random character string and the ".EG83" extension.

For example, a file originally named "1.jpg" would appear as something similar to "[Evagreps83@yahoo.com].dqhJjlgS-xSmnD7U0.EG83" following encryption. After this process is complete, ransom messages within "!EG83_INFO!.rtf" files are dropped into compromised folders.