Virus and Spyware Removal Guides, uninstall instructions

What is TinyChill?

TinyChill is a browser hijacker endorsed as a tool capable of improving the browsing experience. It modifies browsers to promote feed.tinychill.com, a fake search engine. Additionally, TinyChill has data tracking capabilities, which are employed to gather information relating to users' browsing habits.

Due to its dubious proliferation methods (most users install this software unintentionally), TinyChill is also categorized as a Potentially Unwanted Application (PUA).

What is ChoiceFinder?

ChoiceFinder is a rogue application classified as adware. Following successful infiltration, the app runs intrusive advertisement campaigns, delivering various unwanted and harmful ads. Additionally, software classed as adware often has data tracking capabilities.

Since ChoiceFinder has dubious proliferation methods, it is also categorized as a Potentially Unwanted Application (PUA).

What is ProcessFresh?

ProcessFresh is categorized as a potentially unwanted application (PUA) and adware. Software of this type displays advertisements. PUAs also gather information (usually browsing data). In most cases, people download and install adware (and other PUAs) inadvertently.

What kind of malware is DeathHiddenTear?

Discovered by Michael Gillespie, DeathHiddenTear is a malicious program that is classified as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are renamed.

Original filenames are appended with an extension: small files with ".encryptedS" and large files (exceeding 500 MB) with ".encryptedL".

For example, a small file named "1.jpg" might appear as "1.jpg.encryptedS" following encryption. After this process is complete, a text file ("Decrypt Instructions.txt") is dropped onto the desktop. Note that DeathHiddenTear is decryptable ransomware: Victims can contact Michael Gillespie for free decryption.

What is EncoderCSL?

EncoderCSL ransomware was discovered by S!Ri. Typically, programs of this type encrypt files with strong encryption algorithms. Victims cannot access or use encrypted files unless they decrypt them with tools purchased from the cyber criminals who designed the ransomware.

Research shows that EncoderCSL does not encrypt all files, only the .txtr and .test file formats. Therefore, there is a high probability that EncoderCSL is still in development and cyber criminals are simply testing it. This ransomware renames encrypted files by adding the ".locked" extension to filenames.

For example, it changes "1.txtr" to "1.txtr.locked" and so on. It also displays a pop-up window containing a short message.

What is .Adame (Amnesia)?

.Adame (Amnesia) is malicious software classified as ransomware and is a new variant of Amnesia (other high-risk ransomware). It operates by encrypting data and demanding payment for decryption. It also disables Windows Task Manager. During the encryption process, all affected files are renamed according to the following pattern: "[random_string].Adame".

For example, a file named "1.jpg" would appear as something similar to "=lRIANc6spXK2Q.Adame" following encryption. After this process is complete, a ransom message ("ALL YOUR FILES ARE ENCRYPTED.txt") is dropped into every compromised folder.

What is soonersupor[.]pro?

soonersupor[.]pro is similar to biglocateriod[.]pro, yaarileads[.]com, norobotcapcha2020[.]info and many other rogue websites. When visited, soonersupor[.]pro loads dubious content or opens other untrusted websites.

Note that people generally arrive at these web pages inadvertently - they are opened by potentially unwanted applications (PUAs) installed on browsers and/or operating systems.

What is Uk6ge?

Discovered by malware researcher, S!Ri, Uk6ge is malicious software categorized as ransomware. It is designed to encrypt data of infected systems and demand payment for decryption. When this ransomware encrypts, all affected files have the ".uk6ge extension added to their filenames.

For example, a file originally named "1.jpg" would appear as "1.jpg.uk6ge" following encryption. After this process is complete, a ransom message in the form of a text file ("info.txt") is created on the desktop.

What is europixhd[.]io?

europixhd[.]io is the address of a website that provides an illegal movie streaming service. This page employs rogue advertising networks and redirects visitors to other untrusted websites. We strongly advise against opening websites such as europixhd[.]io or using their services.

What is Nppp?

Nppp is malicious software, which is part of the Stop/Djvu ransomware family. It operates by encrypting the data of infected devices to demand payment for decryption tools/software. During the encryption process, all compromised files are appended with the ".nppp" extension.

For example, a file originally named "1.jpg" would appear as "1.jpg.nppp". Once this process is complete, a ransom message ("_readme.txt") is dropped onto the desktop.