Virus and Spyware Removal Guides, uninstall instructions

What is BANG?

BANG is a malicious program belonging to the Dharma ransomware family. The discovery of this malware is credited to Jakub Kroustek. Following successful infiltration, BANG ransomware encrypts files in order to demand payment for decryption.

During the encryption process, all affected files are renamed according to this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".BANG" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[gangflsbang@protonmail.ch].BANG" following encryption.

After this process is complete, ransom-demand messages are created in a pop-up window and the "FILES ENCRYPTED.txt" text file.

What is the DarkTrack RAT?

DarkTrack is a malicious program classified as a Remote Access Trojan (RAT). This type of malware enables remote access and control over an infected device. The level of control these programs have varies, however, some can allow user-level manipulation of the affected machine.

The functionalities of RATs likewise varies and so does the scope of potential misuse. DarkTrack has a broad range of functions/capabilities, which make this Trojan a highly-dangerous piece of software.

What is SearchModule?

SearchModule is an adware-type application with browser hijacker characteristics. Following successful infiltration, this app delivers various unwanted and dangerous advertisements, modifies browsers and promotes a fake search engine. Additionally, most adware and browser hijackers can record browsing-related data.

Since many people download/install SearchModule unintentionally, it is also classified as a Potentially Unwanted Application (PUA). One of the dubious techniques used to distribute SearchModule is via fake Adobe Flash Player updates. These bogus software updaters/installers are used to proliferate not only PUAs, but also Trojans, ransomware and other malware.

What is application-update[.]com?

The application-update[.]com website loads various scams. Research shows that the displayed scams target mainly mobile users. At the time of research, all scams served by application-update[.]com were designed to trick people into installing various potentially unwanted applications (PUAs).

Note that apps should never be downloaded from unofficial, deceptive websites, even if the apps are legitimate.

What is Maps N' Direction Hub?

Maps N' Direction Hub is a rogue application endorsed as a tool for easy access to various maps and routes. It is classified as a browser hijacker due to the modifications it makes to browsers to promote hmapndirectionhub.com (a bogus search engine). Maps N' Direction Hub also monitors users' browsing activity.

Furthermore, due to the dubious methods used to distribute this app, it is classified as a Potentially Unwanted Application (PUA). Note that Maps N' Direction Hub is often distributed together with Hide My History, another PUA.

What is "Your Google Ads account has been suspended"?

Phishing emails such as this are often sent by cyber criminals who attempt to deceive unsuspecting recipients into providing private, sensitive information. In this particular case, they send emails claiming that the recipients' Google Ads accounts have been suspended and urge them to restore the accounts by logging in via a deceptive website.

Note that Google has nothing to do with this email or the bogus website. Therefore, you should ignore this phishing scam.

What kind of software is Manuals Directory Search?

Manuals Directory Search is a potentially unwanted application (PUA), a browser hijacker that promotes the search.manualsdirectory-api.org fake search engine by modifying browser settings.

It is categorized as a PUA, since people often download and install this type of browser hijacker inadvertently. Note that, as well as promoting fake search engines, these apps collect information relating to users' browsing activities.

What is "ShareFile Attachment Email Scam"?

This is one of many phishing emails disguised as legitimate messages and distributed to trick unsuspecting recipients into providing the requested information: ShareFile login credentials (email address and password). Cyber criminals behind this email attempt to steal ShareFile accounts and might also use the provided information to steal other accounts.

You are strongly advised to ignore this email. Do not to enter the requested details on the deceptive website.

What is the "COVID-19 test" email?

"COVID-19 test" is yet another Coronavirus/COVID-19-themed spam email campaign. There are several variants of these deceptive emails, however, the common thread is that they all offer free coronavirus testing to recipients.

The messages claim that the attached files are forms/applications, however, the Excel spreadsheets initiate an infection chain: download/installation of the TrickBot Trojan. The primary purpose of this malware is to steal data such as banking information, cryptowallets and other private data.

What is Solider?

Solider was discovered by Amigo-A. This ransomware encrypts files, renames them by appending an extension, and generates ransom messages. Solider appends the ".xsmb" extension to a name of each encrypted file. For example, it renames a file named "1.jpg" to "1.jpg.xsmb", "2.jpg" to "2.jpg.xsmb", and so on.

It drops ransom messages ("contact.txt" and "contact.png") in all folders that contain encrypted data.