Virus and Spyware Removal Guides, uninstall instructions
What is "Adobe Document Cloud E-Signing Email Virus"?
Cyber criminals often attempt to deceive users into installing malware on the operating system by sending emails that contain malicious attachments (or website links that download the malicious files). Their main goal is to trick recipients into opening the dangerous files, which install malicious software.
In this case, cyber criminals send emails that contain documents designed to install Emotet. Do not trust this or other, similar emails. More importantly, do not open their contents (attachments/links).
What is InLog browser?
From the same developers as the Inlog Optimizer PUA (Potentially Unwanted Application), InLog is a rogue browser based on a legitimate, open-source project called Chromium. While promoted as genuine software, using it significantly diminishes the browsing experience.
It operates as adware and delivers intrusive advertisement campaigns. Due to InLog browser's dubious proliferation methods, which enable it to infiltrate systems without users' consent, it is classified as a PUA.
What is SERVO99?
Based on other ransomware named Hakbit, SERVO99 (also known as BSJB) was discovered by James. SERVO99 encrypts files, changes the desktop wallpaper and drops a ransom message in all folders that contain encrypted data. It renames encrypted files by appending the ".crypted" extension to filenames.
For example, "1.jpg" becomes "1.jpg.crypted", and so on. SERVO99 creates a ransom message in a text file named "HELP_ME_RECOVER_MY_FILES.txt".
What is 8800?
Discovered by malware researcher Raby, 8800 is a malicious program belonging to the Dharma ransomware family. This malware is designed to encrypt the data of infected systems and demand payment for decryption.
During the encryption process, all affected files are renamed according to the following pattern: original filename, unique ID, cyber criminals' email address and the ".8800" extension.
For example, a file such as "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[assonmolly5@gmail.com].8800" following encryption. Once this process is complete, a text file ("FILES ENCRYPTED.txt") is created and a pop-up window is displayed.
What is the bc[.]vc site?
bc[.]vc offers URL (web address) shortening services; however, it also employs rogue advertising networks. Visitors to this site are presented with various dubious and harmful ads and/or are redirected to other untrusted and possibly malicious web pages. Therefore, you are strongly advised against visiting or using bc[.]vc.
What is SearchWebSvc?
SearchWebSvc is one of the potentially unwanted applications (PUAs) that are part of the AdLoad adware family. These apps are designed to feed users with various intrusive advertisements and promote the address of a fake search engine.
SearchWebSvc promotes akamaihd.net, an address that redirects visitors to a fake search engine (home.searchpulse.net or search.searchpulse.net).
These apps are designed to collect various information as well. Like a number of other apps from the AdLoad family, SearchWebSvc is distributed through a fake Adobe Flash Player installer. Typically, people download and install adware such as SearchWebSvc and other PUAs unintentionally.
What is PLEX?
Discovered by Jakub Kroustek, PLEX is malicious software belonging to the Crysis/Dharma ransomware family. Systems infected with this malware have their data encrypted, and ransom payments are demanded for decryption.
During the encryption process, all compromised files are renamed according to the following pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".PLEX" extension. For example, a file such as "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[dryidik@tutanota.com].PLEX" following encryption.
After this process is complete, a text file ("FILES ENCRYPTED.txt") is created on the desktop and a pop-up window is displayed. Updated variants of this ransomware use the ".[whyruencrypt@tutanota.com].PLEX" extension for encrypted files.
What is "Fake flash player update"?
There are many websites that are designed to deceive visitors into using a fake Adobe Flash Player installer, which supposedly updates the currently installed version. These fake installers are designed to install browser hijackers, adware and other potentially unwanted applications (PUAs).
In some cases, they infect operating systems with ransomware, Trojans, or other high-risk malware. Typically, these fake Adobe Flash Player installers are promoted on untrustworthy web pages that have nothing to do with the official Adobe Flash Player version or its download page. Criminals who promote such scams also target Mac users.
What kind of malware is Barak?
Barak is a malicious program belonging to the Phobos ransomware family. It operates by encrypting data and demanding payment for decryption tools/software. During the encryption process, files are renamed with the following pattern: original filename, unique ID, cyber criminals' email address and the ".Barak" extension.
For example, a file such as "1.jpg" would appear as "1.jpg.id[1E857D00-2378].[smithhelp@mail.ee].Barak", and so on for all of the affected files.
After this process is finished, ransom messages ("info.hta" and "info.txt") are created on the desktop. Updated variants of this ransomware use the ".[propixt@cock.li].Barak" and ".[torhelp@mail.ee].Barak" extensions for encrypted files.
What is "Secret Love Email Virus"?
"Secret Love" is a spam email campaign that cyber criminals employ to trick recipients into extracting an attached ZIP archive file and executing the resultant JavaScript (.js) file. If executed, this file installs NEMTY 2.5 REVENGE ransomware. We strongly advise that you ignore this email and, more importantly, do not open the attached file.