Virus and Spyware Removal Guides, uninstall instructions

What is Shootlock?

Discovered by Michael Gillespie, Shootlock is a malicious program and a new Makop ransomware variant. This malware encrypts data of the infected system to demand ransom payments for decryption tools/software.

When Shootlock ransomware encrypts data, all affected files are renamed according to the following pattern: original filename, unique ID assigned to victims, cyber criminals' email address and the ".shootlock" extension.

For example, a file such as "1.jpg" would appear as something similar to "1.jpg.[E38D7F03].[n0pr0blems@protonmail.com].shootlock" following encryption.

Once this process is complete, a ransom message ("readme-warning.txt") is created on the desktop. Updated variants of this ransomware use the ".[troubleshooter@cock.li].shootlock" extension for encrypted files.

What kind of malware is BazarBackdoor?

BazarBackdoor was developed by the cyber criminals who developed TrickBot. They use this 'backdoor' malware as a tool to compromise infected networks. They might also use it to attack regular users. In most cases, threat actors use software such as BazarBackdoor to steal sensitive, financial data, and install additional malware.

If you have BazarBackdoor or other malware installed on your computer, remove it immediately.

What is Translations Instant?

Like most browser hijackers, Translations Instant assigns certain browser settings to the address of a fake search engine (to promote it). In this case, it sets them to translationsinstanthtab.com. Commonly, apps of this type record various user-system information (typically, browsing-related details) as well.

People often download apps such as Translations Instant inadvertently and, therefore, these browser hijackers are categorized as potentially unwanted applications (PUAs).

What is Easy News Now?

Easy News Now is advertised as an app which provides quick access to various news-related web pages, however, this is a potentially unwanted application (PUA) classified as adware. Easy News Now serves advertisements and might collect browsing-related (and other) information.

Adware-type apps are classified as PUAs, since people tend to download and install them inadvertently.

What is Search Sherpa?

Search Sherpa is a browser hijacker. This piece of software modifies browser settings to promote search-sherpas.com, a fake search engine. Furthermore, it possesses data tracking capabilities employed to monitor users' browsing activity. Due to its dubious proliferation methods, Search Sherpa is also classified as a Potentially Unwanted Application (PUA).

What is Zorgo?

Zorgo is a malicious ransomware-type program based on HiddenTear. It is designed to encrypt the data of infected systems in order to demand payment for decryption. During the encryption process, all affected files are appended with the ".zorgo" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.zorgo" following encryption. After this process is complete, a file named "READ_IT.txt" containing the ransom message is dropped into every compromised folder. Additionally, Zorgo changes the desktop wallpaper.

What is InteractivePremium?

InteractivePremium is a rogue application classified as adware. It runs intrusive advertisement campaigns. Additionally, it has browser hijacker characteristics. InteractivePremium modifies browsers to promote bogus search engines. This app promotes Safe Finder via akamaihd.net.

Most adware type apps and browser hijackers have data tracking capabilities, which are employed to monitor users' browsing habits. Due to InteractivePremium's dubious proliferation methods, it is classified as a Potentially Unwanted Application (PUA).

What is GalaxySpin?

GalaxySpin is rogue software categorized as a browser hijacker. It operates by making alterations to browser settings to promote galaxyspin.com (a fake search engine). Additionally, as is common to browser hijackers, GalaxySpin can track browsing-related data. Since most users install GalaxySpin inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is TRAMP?

Part of the Dharma ransomware family, TRAMP prevents victims from accessing their files by encryption, changes filenames, creates ransom messages and displays another message in a pop-up window. TRAMP renames encrypted files by adding the victim's ID and clevercrypt@aol.com email address, and appending the ".TRAMP" extension to filenames.

For example, it renames a file named "1.jpg" to "1.jpg.id-1E857D00.[clevercrypt@aol.com].TRAMP", "2.jpg" to "2.jpg.id-1E857D00.[clevercrypt@aol.com].TRAMP", and so on. It also drops the "FILES ENCRYPTED.txt" text file (the ransom message) in every folder that contains encrypted files.

What is ServiceBuilder?

ServiceBuilder supposedly improves the browsing experience and is useful in various other ways, however, this app serves advertisements, gathers information (including private, sensitive details) and promotes Safe Finder (by opening it via akamaihd.net).

In most cases, people download and install adware unintentionally. Therefore, ServiceBuilder and other apps of this type are categorized as potentially unwanted applications (PUAs).