Virus and Spyware Removal Guides, uninstall instructions

What is HelpFeature?

HelpFeature is an adware-type application that runs intrusive advertisement campaigns (i.e., it delivers various unwanted and harmful ads). This app also shares characteristics with browser hijackers such as browser modification and bogus search engine promotion.

HelpFeature specifically promotes Safe Finder through akamaihd.net. Additionally, since most users download/install this app unintentionally, HelpFeature is classified as a Potentially Unwanted Application (PUA). Most PUAs, regardless of type and capabilities, can monitor and gather browsing-related information.

What is eztv[.]io?

eztv[.]io is a dubious Peer-to-Peer sharing website, which allows people to share content through torrent files. These sites infringe copyright laws and often use rogue advertising networks for monetization. Note that eztv[.]io is no exception. Visitors to this site can be redirected to various other untrusted, deceptive and even malicious web pages.

Additionally, torrent sites commonly offer malware (e.g. Trojans, ransomware, etc.) for download, disguised as, or bundled with, normal software and media files. You are strongly advised against using eztv[.]io or other dubious download sources.

What is "RedCross Email Scam"?

There are many emails scams on the internet. Scammers send the messages to deceive unsuspecting recipients into providing personal information, transferring money, etc.

In this particular case, they attempt to take advantage of fears surrounding the coronavirus outbreak and seek to trick people into sending Bitcoins by claiming that this will support World Health Organization (WHO) efforts to prevent and respond to the pandemic.

Do not trust this or other similar scams. More importantly, do not transfer any money to the provided Bitcoin wallet addresses, or by other means.

What is InfoSearch?

InfoSearch is a rogue application classified as adware. It operates by enabling the placement of various intrusive advertisements on any visited website. This app also shares characteristics with browser hijackers such as browser settings modification and fake search engine promotion.

Additionally, most adware programs and browser hijackers can track browsing-related information. Due to these dubious InfoSearch proliferation methods, it is also categorized as a Potentially Unwanted Application (PUA). One such distribution tactic of this application is through a fake Adobe Flash Player.

Note that bogus software updaters and installers are often used to proliferate PUAs and even Trojans, ransomware and other malware.

What is Ahegao?

Ahegao is designed to encrypt victims' data, rename every encrypted file and display a pop-up window containing a ransom message. This ransomware renames encrypted files by appending the ".ahegao" extension to filenames. For example, it changes "1.jpg" to "1.jpg.ahegao", "2.jpg" to "2.jpg.ahegao", and so on.

Typically, victims cannot access or use their data unless they decrypt it with a tool and/or key held only by the cyber criminals who designed the ransomware.

What is the Lucifer malware?

Lucifer is a malicious program classified as a banking Trojan. It primarily targets banking information, however, this malware also makes attempts to exfiltrate data relating to email, e-commerce and streaming accounts. Its range of attacks has covered most of Latin America, and Europe, Asia and North America.

There is reason to believe that the Lucifer Trojan will expand its area of interest and may become operational worldwide. In some cases, Lucifer malware has been distributed using the LokiBot trojan.

What is ExperienceLine?

The ExperienceLine app supposedly improves the browsing experience. In fact, it promotes the Safe Finder website (by opening it through akamaihd.net) and feeds users with advertisements. Adware can often access and collect various user-system information.

Note that apps such as ExperienceLine are categorized as potentially unwanted applications (PUAs), since people often download and install this adware inadvertently.

What is Rhino ransomware?

Rhino is a part of the Dcrtr ransomware family. Like other malware of this type, it encrypts files on infected systems and encourages victims to pay a ransom to recover them. Rhino renames encrypted files by adding the generalchin@countermail.com email address and appending the ".rhino" extension to their filenames.

For example, it would rename a file called "1.jpg" to "1.jpg.[generalchin@countermail.com].rhino", "2.jpg" to "2.jpg.[generalchin@countermail.com].rhino", and so on. Rhino also drops the "info.hta" file in the "%APPDATA%" folder and the "ReadMe_Decryptor.txt" file on the desktop. Both of these files contain the ransom messages.

What is Lesli?

Lesli is a malicious program belonging to the CryptoMix ransomware family. This malware operates by encrypting the data of infected systems and demanding payment for decryption tools/software.

When Lesli ransomware encrypts, files are renamed according to this pattern: original filename, cyber criminals' email address, unique ID assigned to the victim, and the ".lesli extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.email[supl0@post.com]id[4dfb70f41e857d00].lesli" following encryption.

Once this process is complete, a ransom message within the "INSTRUCTION RESTORE FILE.TXT file is dropped into every affected folder.

What is PanelStyle?

PanelStyle is a rogue app, categorized as adware. It delivers various intrusive advertisements, which seriously diminish browsing quality. Additionally, PanelStyle possesses browser hijacker traits, e.g. browser modifications and fake search engine promotion.

This application promotes Safe Finder via akamaihd.net. Due to its questionable proliferation methods, PanelStyle is also classified as a PUA (Potentially Unwanted Application). Most PUAs have data tracking abilities, which are employed to spy on users' browsing activity; it is highly likely that PanelStyle has such abilities as well.