Virus and Spyware Removal Guides, uninstall instructions

What is Iruvtgtm?

Iruvtgtm belongs to a ransomware family named Snatch. Like many other programs of this type, it encrypts files, renames them and creates a ransom message. Iruvtgtm renames encrypted files by appending the ".iruvtgtm" extension to filenames. For example, it renames "1.jpg" to "1.jpg.iruvtgtm", and so on.

It creates a ransom message within the "HOW TO RESTORE YOUR FILES.TXT" file, which can be found in all folders that contain encrypted files.

What is NetworkMaze?

Discovered by GrujaRS, NetworkMaze is a part of the MedusaLocker ransomware family. NetworkMaze renames all encrypted files by appending the ".networkmaze" extension to filenames. For example, it renames "sample.jpg" to "sample.jpg.networkmaze", and so on.

It also creates the "READINSTRUCTION.html" file (ransom message) and drops it in all folders that contain encrypted files.

What is Coom?

Discovered by GrujaRS, Coom is malicious software classified as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".coom" extension.

For example, a file such as "1.jpg" would appear as "1.jpg.coom", and so on for all compromised files. After this process is complete, a ransom message ("READ_IT.txt") is dropped onto the desktop and the wallpaper is also changed.

What is "2020 Opinion Survey"?

"2020 Opinion Survey" is a scam run on deceptive websites. It operates by claiming that users have been selected to win a reward, which they can receive by completing a brief survey.

At the time of research, the fake prizes were cosmetic products, however, other rewards might also be offered by this scam (e.g. electronic devices of popular brands, gift cards and vouchers, cash, etc.).

Rather than receiving any rewards, however, users are redirected to other deceptive/scam sites, which promote dubious/fake products, trick users into paying bogus fees or revealing their personal information such as names, communication/social account credentials, banking and credit card details, and so on.

Typically, access to websites running "2020 Opinion Survey" (and others similar to it) are accessed via redirects caused by intrusive ads or potentially unwanted programs (PUAs) already infiltrated into the system.

What is finderprize?

finderprize is a family of deceptive websites. Typically, visitors to these sites are provided with dubious content, which urge them to install potentially unwanted applications (PUAs) such as browser hijackers, adware (or even malicious programs including ransomware, Trojans), participate in surveys, and so on.

No finderprize websites can be trusted and people do not generally visit these web pages intentionally - they are opened through clicked deceptive advertisements, other untrustworthy websites, or by installed PUAs.

What is ExpertCharacterSearch?

ExpertCharacterSearch is an adware-type application belonging to the AdLoad malware family. After successful installation, this rogue app begins running intrusive ad campaigns (i.e., delivers annoying and dangerous ads). ExpertCharacterSearch also has some browser hijacker characteristics such as modification of browser settings and promotion of fake search engines.

This application has been proliferated by bogus Flash Player updates, which are typically promoted by scams such as "Latest version of Adobe Flash Player". These fake updaters are often used to promote Potentially Unwanted Applications (PUAs) and even malware (e.g. trojans, ransomware, etc.).

Due to the dubious methods used to proliferate ExpertCharacterSearch, it is additionally classified as a PUA. Furthermore, most of these unwanted apps have data tracking abilities and gather information relating to browsing activity.

What is Exe (JigSaw)?

Discovered by Jirehlov, Exe (JigSaw), belongs to the Jigsaw ransomware family. This ransomware encrypts files (a list of targeted formats is provided below) and renames them by appending the ".exe" extension to their filenames. For example, it renames "1.jpg" to "1.jpg.exe", and so on.

Exe (JigSaw) also displays a pop-up window, which contains a ransom message and can be used to pay the ransom.

What is TabSearch?

TabSearch is a rogue app belonging to the AdLoad adware family. It operates by displaying various intrusive advertisements that diminish the browsing experience and carry certain risks. Additionally, this application shares common traits with browser hijackers, such as alteration of browser settings to promote a fake search engine.

Due to its dubious proliferation methods, TabSearch is also categorized as a Potentially Unwanted Application (PUA). It has been observed proliferating via bogus Flash Player updaters, which commonly spread not just PUAs, but malware as well. Note that most unwanted apps (adware-types and browser hijackers included) have data tracking capabilities.

What is Quick Maps and Directions?

Chromium is an open-source project from Google. Many browsers are based on Chromium code, but few are legitimate. This project is often misused to develop browsers that operate as adware (display ads), browser hijackers (promote fake search engines and gather browsing-data), or as potentially unwanted applications (PUAs).

Quick Maps and Directions is one of these rogue browsers and is therefore classified as a PUA. Research shows that Quick Maps and Directions is designed to promote hquickmapsanddirections.com, the address of a fake search engine.

What is Mool?

Mool is malicious software which is a part of the Djvu family of ransomware-type programs. It prevents victims from accessing their files by encryption. Mool changes filenames of all encrypted files by appending the ".mool" extension. For example, it renames a file named "sample.jpg" to "sample.jpg.mool", and so on.

It also creates a ransom message in a text file named "_readme.txt". This message contains instructions about how to contact the cyber criminals who designed Mool, plus other details.