Virus and Spyware Removal Guides, uninstall instructions

What is MDEN?

Belonging to the Matrix malware family, MDEN is an updated variant of SDEN ransomware. It operates by encrypting the data of infected systems and demanding payment for decryption tools/software.

During the encryption process, all affected files are renamed according to the following pattern: cyber criminals' email address, random character string and the ".MDEN" extension (e.g. "[SmartDen@protonmail.com].[random_string].MDEN").

For example, a file originally named "1.jpg" would appear as something similar to "[SmartDen@protonmail.com].D2zz3DBL-wR4kbmCn.MDEN" following encryption. Additionally, MDEN malware deletes Shadow Volume Copies of files.

After the encryption process is finished, a file ("!MDEN_INFO!.rtf") containing a ransom message is dropped into every compromised folder.

What is SoloProcess?

SoloProcess is advertised as a tool designed to improve the browsing experience, however, it is actually a potentially unwanted application (PUA) classified as adware. Software of this type displays various advertisements. Adware-type apps also operate as information tracking tools - they gather information relating to systems and users.

Note that, in most cases, people download and install adware unintentionally.

What is Hide My History?

Hide My History is the name of a browser hijacker, a potentially unwanted application (PUA) that promotes hidemyhistory.co, the address of a fake search engine.

Generally, browser hijackers promote these addresses by changing certain browser settings. Furthermore, most apps of this type operate as information tracking tools and collect browsing data. Generally, people download and install browser hijackers (and other PUAs) inadvertently. Note that Hide My History is installed together with another PUA called Your Search Tool.

What is Free Package Tracker Promos?

Free Package Tracker Promos is categorized as adware and promoted as a free tool for easy access to various package tracking services. It operates by running intrusive advertisement campaigns. Therefore, it delivers unwanted, deceptive and even harmful ads.

Furthermore, it gathers browsing-related information. Due to its dubious proliferation methods, Free Package Tracker Promos is also classified as a Potentially Unwanted Application (PUA).

What is Maps & Directions Online Promos?

The Maps & Directions Online Promos application apparently allows users to search for directions and maps, however, it operates as adware and displays various advertisements. People do not generally download or install apps of this type intentionally and, therefore, they are classified as potentially unwanted applications (PUAs).

Furthermore, adware-type applications collect user-system information.

What is Mark (Dharma)?

Discovered by Jakub Kroustek, Mark (Dharma) is a part of the Dharma ransomware family. This ransomware renames all encrypted files by adding the victim's ID, mark_white@mail.ua email address, and ".Mark" extension to filenames. For example, a file named "1.jpg" might become "1.jpg.id-1E857D00.[mark_white@mail.ua].Mark", and so on.

Mark (Dharma) ransomware also creates a ransom message within a text file ("FILES ENCRYPTED.txt") and displays another message in a pop-up window.

What is the Voyager ransomware?

Discovered by Petrovic, Voyager is a new variant of Hermes837 ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".voyager" extension.

For example, a file named "1.jpg" would appear as "1.jpg.voyager" following encryption. After this process is complete, a ransom message ("!READ_ME.txt") is dropped into each compromised folder.

What is SpeedyFixer?

SpeedyFixer is advertised as software that boosts computer speed and fixes various errors, crashes and application freezes. In fact, it is classified as a potentially unwanted application (PUA) due to its associated distribution methods (SpeedyFixer is promoted by including it into the set-ups of other software).

Many users download and install applications of this type unintentionally.

What are the Gourluck websites?

Gourluck is a group of deceptive sites. These web pages run various scams, including a commonly promoted scheme called "Dear Safari User, You Are Today's Lucky Visitor". Few users enter these websites intentionally - most are redirected to them by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

Note that these apps do not need explicit consent to be installed onto devices. Following successful infiltration, however, PUAs cause redirects, deliver intrusive advertisement campaigns, hijack browsers and track data.

What is Adhubllka ransomware?

Discovered by S!Ri, Adhubllka is a malicious program classified as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for appropriate decryption tools/software. When Adhubllka encrypts, it renames files by adding the ".ADHUBLLKA" extension.

For example, a file originally named "1.jpg" would appear as "1.jpg.ADHUBLLKA" following encryption, and so on for all affected files. After this process is complete, a text file ("read_me.txt") containing the ransom message is created on the desktop.