Virus and Spyware Removal Guides, uninstall instructions

What is the World Events Today browser hijacker?

World Events Today is a rogue application classified as a browser hijacker and a Potentially Unwanted Application (PUA). It is advertised as a tool capable of providing easy access to the latest news. As a browser hijacker, World Events Today operates by modifying browsers to promote the search.hworldeventstoday.com (or hp.hworldeventstoday.com) fake search engine.

Additionally, it has data tracking capabilities, which are employed to monitor users' browsing activity. This app is classified as a PUA, since most users install it inadvertently. Note that World Events Today is frequently distributed together with another PUA called Hide My History.

What is Search By OpenFile?

Search By OpenFile is a browser hijacker, a potentially unwanted application (PUA) designed to improve the browsing experience. In fact, this app promotes openfile-home.live and search.openfile-api.live (fake search engines) by changing browser settings.

It also promotes openfile.live and gathers browsing-related data. Typically, users do not download or install browser hijackers (or other PUAs) intentionally.

What is Rails?

Discovered by dnwls0719, Rails is malicious software belonging to a ransomware family called Ouroboros. This malware operates by encrypting data and demanding payment for decryption tools/software.

During the encryption process, all affected files are renamed according to the following pattern: original filename, cyber criminals' email address, unique ID and the ".rails" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.Email=[tools1990m@gmail.com]ID=[KIUYNCTQQQDGBXYTDICU].rails".

After this process is complete, a text file ("How_to_Unlock_Files.txt") containing the ransom demand-message is created on the desktop.

What is Oniria?

Oniria is a potentially unwanted application (PUA) categorized as adware. People often download and install applications of this type inadvertently. When installed, adware-type apps feed users with various intrusive advertisements and gather data.

What is Corona ransomware?

Discovered by dnwls0719, Corona is a malicious program belonging to the Hakbit ransomware family. Following infection, the device's data is encrypted and users receive ransom demands for decryption. Typically, ransomware renames affected files during the encryption process, however, filenames of files compromised by Corona malware remain unchanged.

Once encryption is complete, a ransom message within the "HELP_ME_RECOVER_MY_FILES.txt" file is dropped onto the desktop.

What is TotalSearch?

TotalSearch is one of many potentially unwanted applications (PUAs) that people tend to download or install unintentionally. This PUA is categorized as adware - it serves various intrusive advertisements. Apps such as TotalSearch can also gather various information.

What is the KingResults adware?

KingResults is an adware-type application falsely advertised as a tool designed to improve the browsing experience. It can supposedly provide accurate search results, fast searches and similar functionality. In fact, KingResults runs intrusive advertisement campaigns.

Therefore, this app delivers annoying ads that can endanger device/user safety. Since most users install KingResults inadvertently, it is classed as a Potentially Unwanted Application (PUA). Furthermore, PUAs (including adware) usually have data tracking capabilities, which are employed to monitor users' browsing activity.

What is pushworldtool[.]com?

pushworldtool[.]com is one of many rogue websites that redirect visitors to other untrustworthy sites or load dubious content. Some examples of other similar sites are find-soulmates[.]com, best-girls-ever[.]com and hellopushworld[.]com.

Most people do not visit these sites intentionally - browsers usually open them when potentially unwanted applications (PUAs) are installed. PUAs display advertisements and collect user-system information.

What is Harma?

First discovered by malware researcher, Jakub Kroustek, Harma is high-risk ransomware that belongs to the Dharma family. After successful infiltration, Harma encrypts most stored data, thereby rendering it unusable. Additionally, Harma appends filenames with the ".harma" extension plus the victim's unique ID and developer's email address.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[ban.out@foxmail.com].harma". Once data is encrypted, Harma opens a pop-up window and stores a text file ("FILES ENCRYPTED.txt") on the victim's desktop.

What is Auto Purge?

The Auto Purge app is designed to keep browsing data safe by removing it automatically, however, this is a potentially unwanted application (PUA), a browser hijacker. Like most apps of this type, it promotes a fake search engine and gathers browsing data. People usually download and install browser hijackers and other PUAs inadvertently.