Virus and Spyware Removal Guides, uninstall instructions

What is WebSecurerr?

WebSecurerr (also known as WebSecurerr Browser Protection) is rogue software categorized as a browser hijacker.

It modifies browser settings to promote searchsecurer.com (a fake search engine). Additionally, this browser hijacker monitors users' browsing activity. Due to the dubious methods used to proliferate WebSecurerr, it is also classified as a Potentially Unwanted Application (PUA).

What is VidSearch?

VidSearch is a typical browser hijacker: it promotes the address of a fake search engine by modifying certain browser settings. In this case, it assigns them to vid-search.com. As well as hijacking browsers, these apps often record data. Browser hijackers are categorized as potentially unwanted applications (PUAs), since people often download and install them inadvertently.

What is Nuzzero?

Nuzzero hijacks web browsers by changing certain settings to nuzzero.com (the address of a fake search engine). It is also likely that this app collects information relating to users' browsing habits. Generally, people download and install browser hijackers inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is Wabot malware?

Wabot is a malicious program, malware classified as an Internet Relay Chat (IRC) worm. Software within the worm classification is typically self-proliferating. I.e., it copies itself from one location to another, such as from directories, drives, systems or networks, to other corresponding locations.

IRC worms usually need the infected device to contain a specific client (e.g. application) to continue spreading.

What is TheMaskSearch?

TheMaskSearch is a browser hijacker which promotes themasksearch.com by changing certain browser settings. Like most URLs promoted by apps of this type, themasksearch.com is the address of a fake search engine. In most cases, browser hijackers gather browsing-related (and other) information.

Users often download and install these apps inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is "Audit and Assurance Email Virus"?

This malspam campaign is disguised as a message from a global audit, accounting and consulting group called Mazars. In fact, this company has nothing to do with this bogus email. The main purpose of this campaign is to trick recipients into opening the attached file, a malicious HTML file disguised as an invoice.

When opened, this file downloads another file designed to infect computers with SDBBot, a Remote Administration Trojan (RAT).

What kind of malware is Upatre?

Upatre is a malicious program which operates as a backdoor Trojan (opens a 'backdoor' for other malware). Therefore, this rogue software can download and install additional malware (cause chain infections). These malicious programs are installed onto the compromised system and their actions depend on the goals and modus operandi of the cyber criminals using Upatre.

This is deemed to be a highly dangerous piece of software, and therefore Upatre must be removed from operating systems immediately upon detection.

What is Dungeon?

Discovered by Michael Gillespie, Dungeon belongs to the Xorist ransomware family. Like most other malware of this type, Dungeon encrypts files, changes filenames and creates a ransom message containing instructions about how to contact the cyber criminals, and various other details.

This ransomware also changes the desktop wallpaper. Dungeon renames encrypted files by appending the ".([dungeon]-0_0)" extension to filenames. For example, it would rename "1.jpg" to "1.jpg.([dungeon]-0_0)", "2.jpg" to "2.jpg.([dungeon]-0_0)", etc. It drops a ransom message ("HOW TO DECRYPT FILES.txt" file) into every folder that contains encrypted data.

What is Vawe ransomware?

Vawe is malicious software belonging to the Djvu ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools/software. During the encryption process all affected files are appended with the ".vawe" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.vawe" following encryption. After this process is complete, a ransom message ("_readme.txt") is dropped into compromised folders.

What is GhostSearch?

GhostSearch changes certain browser settings to ghost-search.com (the address of a fake search engine). Apps of this type tend to collect data relating to web browsing activities. These browser hijackers are often downloaded and installed unintentionally and are, therefore, categorized as potentially unwanted applications (PUAs).