Virus and Spyware Removal Guides, uninstall instructions

What is The Government Forms Promos?

The Government Forms Promos is classified as adware. It is promoted as a tool capable of providing access to tax, immigration, DMV and many other forms. Instead of delivering these features, The Government Forms Promos runs intrusive advertisement campaigns, which deliver a variety of undesirable, deceptive and even harmful ads.

Additionally, this adware can monitor browsing activity. Since most users install The Government Forms Promos unintentionally, it is also classified as a Potentially Unwanted Application (PUA).

What is Search Power+?

Search Power+ is a potentially unwanted application (PUA), a browser hijacker. This rogue app hijacks browsers by assigning certain settings to searchpowerapp.com, the address of a fake search engine. PUAs often collect user-system information as well. Browser hijackers are categorized as PUAs, since people tend to download and install them inadvertently.

What is Eventbot?

Eventbot is a banking Trojan which targets Android users. It attempts to steal sensitive information (such as credit card details, credentials) using overlay technique. It also abuses the Accessibility Service. Eventbot can be the reason behind serious privacy issues, monetary loss and other problems.

What is Pekraut RAT?

Pekraut is malicious software classified as a Remote Access Trojan (RAT). This malware allows remote access and control over the infected device. RATs have a variety of capabilities and features, which enable a broad range of misuse. Pekraut Trojan has 27 commands, though at the time of research, one did not seem to be fully implemented.

There is reason to believe that Pekraut RAT is of German origin, since, although the commands are in English, the descriptions are in German. This is high-risk malware, which can cause especially serious issues.

What is Mpaj?

Mpaj is malicious software belonging to a family of ransomware infections called Djvu. The program is designed to encrypt victims' files, rename them by appending a specific extension, and create a ransom message. This ransomware renames all encrypted files by appending the ".mpaj" extension.

For example, it changes a file named "1.jpg" to "1.jpg.mpaj", "2.jpg" to "2.jpg.mpaj", and so on. It also creates a ransom message within a text file named "_readme.txt".

What is Tilde?

Discovered by dnwls0719, Tilde is a malicious program and adware classified as ransomware. During the encryption process, all affected files are appended with the ".~~~~" extension. For example, a file originally named as something like "1.jpg" would appear as "1.jpg.~~~~" following encryption.

Once this process is complete, a ransom message within a file called "Read~ME.txt" is dropped into every compromised folder.

What is Random Ransom?

Discovered by S!Ri, Random Ransom encrypts files, modifies their filenames and displays a pop-up window containing a message. Random Ransom changes encrypted files by appending the ".RANDOM" extension to filenames. For example, it renames "1.jpg" to "1.jpg.RANDOM", "2.jpg" to "2.jpg.RANDOM", and so on.

To restore (decrypt) files, victims are encouraged to follow the instructions in the pop-up window.

What is ActiveMulti?

ActiveMulti is a rogue application with browser hijacker characteristics and classified as adware. It operates by delivering intrusive advertisements, altering browser settings and promoting fake search engines. This app promotes Safe Finder via the akamaihd.net website.

Additionally, most adware and browser hijackers have data tracking capabilities, which are employed to monitor users' browsing habits. Since most users download/install ActiveMulti intentionally, it is also classified as a Potentially Unwanted Application (PUA).

What are the Netuniverse sites?

Netuniverse is a group of deceptive websites running various schemes. Sites belonging to this family have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scam, however, they might also promote other dubious schemes.

Few users access Netuniverse web pages intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on the system.

What is mysupertab.com?

mysupertab.com is the address of a fake search engine. Typically, fake search engines are promoted through potentially unwanted applications (PUAs) classified as browser hijackers. Note that mysupertab.com is promoted through a PUA named MySuperTab.

Apps of this type promote addresses of fake search engines by modifying browser settings. Commonly, browser hijackers also collect various user-system information. Typically, people download and install browser hijackers unintentionally.