Virus and Spyware Removal Guides, uninstall instructions

What is MultiUpgrade?

Adware such as MultiUpgrade is rogue software that serves advertisements. Apps of this type often collect various user-system information.

People do not generally download or install apps such as MultiUpgrade intentionally. Therefore, they are classified as potentially unwanted applications (PUAs). Note that MultiUpgrade promotes the Safe Finder website (a web search tool) by opening it via akamaihd.net.

What is Likud?

Likud is a malicious program classified as ransomware. This malware is related to the Israel election and is designed to target Israeli users. Likud ransomware encrypts the data of infected systems so that ransom demands can be made for decryption. During the encryption process, all affected files are appended with the ".likud" extension.

For example, a file originally named "1.jpg" would appear as "1.jpg.likud" following encryption. After this process is complete, a pop-up window is displayed and the desktop wallpaper is changed. Fortunately, files affected by this ransomware can be 'cracked' using the following decryption key: "ILELECTION2020".

What is ArchiveIdea?

ArchiveIdea is a potentially unwanted application (PUA) classified as adware. This app generates revenue for its developers by feeding users with various advertisements. Research shows that ArchiveIdea is capable of accessing and recording sensitive information and also promotes the Safe Finder web search tool by opening it through akamaihd.net.

Note that people do not generally download or install adware (or other PUAs) intentionally.

What is ActivelySearch?

ActivelySearch generates revenue for its developers by serving online advertisements. Apps of this type are classified as adware. Research shows that ActivelySearch also functions as a browser hijacker - it promotes the address of a fake search engine by changing browser settings.

Since most users do not generally download or install browser hijackers or adware-type applications intentionally, these apps are classified as potentially unwanted applications (PUAs). Research shows that ActivelySearch is often installed via a fake Adobe Flash Player installer.

What is the "COVID-19 Relief" email virus?

"COVID-19 Relief" is the subject of a scam email used to infect recipients' systems with ZLoader malware, which injects the Zeus banking Trojan. As as the title/subject implies, "COVID-19 Relief" emails are part of a Coronavirus/COVID-19-themed spam campaign, which is just one of many that exploit this pandemic.

These messages target Canadian users by claiming that recipients need to complete a form to receive financial relief payments, which are approved by Justin Trudeau, the Prime Minister of Canada.

What is Zoom virus?

"Zoom virus" is a generic term used to define unwanted or malicious software proliferated under the guise of content relating to the Zoom application/services.

Zoom Video Communications is a legitimate conferencing service, providing a cloud-based communication platform that enables people to have audio and video conferences, online meetings and exchange messages via chat.

Due to Zoom's accessibility (cross-platform, basic plans available free, etc.) and the current social climate (Coronavirus/COVID-19 pandemic), cyber criminals have begun misusing the company/product name to further their malicious purposes.

As Zoom's user base has grown exponentially with the influx of remote workers/students, so has cyber crime targeting this service/app.

What is Youlittmeet?

Youlittmeet is a family of deceptive web pages. In most cases, such families include web pages designed to advertise potentially unwanted applications (PUAs) like browser hijackers, adware-type applications. Some might be malicious and used to spread rogue programs such as Trojans and ransomware.

Furthermore, Youlittmeet and other families often include various scam websites (fake lotteries, surveys), and other untrusted web pages. In any case, Youlittmeet sites can never be trusted. If the browser opens these sites automatically, it might be due to a PUA already installed on the browser/system.

What is Protect ransomware?

Protect (Hydra) encrypts files, changes the filenames, and creates a ransom message. It renames all encrypted files by appending the ".protect" extension to filenames. For example, "1.jpg" becomes "1.jpg.protect", "2.jpg" to "2.jpg.protect", and so on.

Instructions about how to contact the cyber criminals who designed this ransomware (and some other information) are provided in a text file named "===__________HOW DECRYPT MY FILES__________===.txt".

What is Wanna Decrypt0r 4.0?

Discovered by dnwls0719, Wanna Decrypt0r 4.0 emulates WannaCry malware and is a malicious program belonging to the Jigsaw ransomware family. This ransomware encrypts the data of infected systems and makes ransom demands for decryption. During the encryption process, all files are appended with the ".WNCRY" extension.

For example, a file originally named "1.jpg" would appear as "1.jpg.WNCRY" following encryption. After this process is complete, a pop-up window is displayed.

What is DisplayProgram?

DisplayProgram supposedly improves the browsing experience, however, it simply generates revenue for the developers by serving advertisements.

DisplayProgram is adware and also classified as a potentially unwanted application (PUA), since people often download and install it unintentionally. Note that adware displays ads and collects various user-system information. Research shows that this particular app promotes the Safe Finder website by opening it via akamaihd.net.