Virus and Spyware Removal Guides, uninstall instructions

What is the Cardinal RAT?

Cardinal is a Remote Access Trojan (RAT), which allow users (often cyber criminals) remote access and control over an infected device. Malware classified as RATs can have a wide variety of malicious capabilities/features, which can lead to serious issues. Cardinal RAT has been observed being leveraged against Israeli financial technology companies.

For example, firms developing software relating to foreign exchange and cryptocurrency trading.

What is Hakops?

Hakops is a program designed to secretly monitor and log keystrokes. Typically, cyber criminals attempt to trick users into installing this software so that they can steal passwords and other confidential information entered via the keyboard. Therefore, having a keylogger such as Hakops installed on your computer might cause serious problems.

What is CCD?

Belonging the Dharma ransomware family, CCD is a form of malware that encrypts files. Like most programs of this type, CCD renames all encrypted files and provides victims with instructions about how to contacts the developers. It renames files by adding the victim's ID, CCD-help@protonmail.ch email address and appending the ".ccd" extension to filenames.

For example, it might change "1.jpg" to "1.jpg.id-1E857D00.[CCD-help@protonmail.ch].ccd", "2.jpg" to "2.jpg.id-1E857D00.[CCD-help@protonmail.ch].ccd" and so on. CCD creates a ransom message within the "FILES ENCRYPTED.txt" file and displays another in a pop-up window.

What is SelectionDaily?

SelectionDaily is a potentially unwanted application (PUA) classified as adware. Apps of this type feed people with various advertisements. This particular app also promotes the Safe Finder site by opening it via akamaihd.net and collects private, sensitive information. Typically, users download and install adware (and other PUAs) inadvertently.

What is select-search.com?

select-search.com is the address of a fake search engine. These bogus search engines are typically promoted by rogue software classified as a browser hijackers. They promote fake search engines by modifying browser settings. Additionally, browser hijackers and bogus search engines commonly monitor and collect browsing-related information.

Browser hijackers are rarely installed intentionally, and are therefore also classified as Potentially Unwanted Applications (PUAs).

What is SearchSpace?

SearchSpace supposedly improves the browsing experience, however, this app is a potentially unwanted application (PUA), a browser hijacker. It promotes the address of a fake search engine (search-space.net) by changing browser settings. Therefore, SearchSpace hijacks browsers by forcing users to search with a fake search engine.

Note that apps of this type often collect user-system information. Browser hijackers are classified as PUAs, since many people download and install them unintentionally.

What is AnarchyGrabber?

Discovered by MalwareHunterTeam, AnarchyGrabber is updated, malicious software that targets Discord users. Both original and updated versions steal users' accounts, however, the updated version is capable of evading detection by modifying client files. Cyber criminals distribute this malware on various hacker forums and via YouTube videos (links in the descriptions).

What is BlackOrchid?

Discovered by cybersecurity researcher GrujaRS, BlackOrchid is a malicious program classified as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for the decryption tools. During the encryption process, all affected files are appended with the ".shinya" extension.

For example, a file such as "1.jpg" would appear as "1.jpg.shinya" following encryption. Once this process is complete, a pop-up window is displayed.

What is ExpertProjectSearch?

ExpertProjectSearch is an adware-type application. As well as delivering various intrusive advertisements, this app also has capabilities common to browser hijackers. These include browser modification and promotion of fake search engines. Practically all adware-type programs and browser hijackers can monitor users' browsing habits.

Due to ExpertProjectSearch's dubious proliferation methods, it is also classified as a Potentially Unwanted Application (PUA). ExpertProjectSearch is proliferated using bogus Adobe Flash Player updaters/installers. These fake update/installation set-ups are often used to proliferate PUAs or even Trojans, ransomware and other malware.

What is encS?

encS (or encL) is an updated variant of DeathHiddenTear ransomware. This variant was discovered by GrujaRS and encrypts victims' files, changes their filenames and creates a ransom message. It renames all files by appending the ".encS" (or ".encL") extension to filenames.

For example, a file named "1.jpg" becomes "1.jpg.encS" (or "1.jpg.encL"), "2.jpg" to "2.jpg.encS" (or "2.jpg.encL"), and so on. Instructions about how to contact the cyber criminals who designed this ransomware are provided in a text file named "Decrypt Instructions.txt".