Virus and Spyware Removal Guides, uninstall instructions

What is Xxxinstant?

Xxxinstant is malicious software designed to block access to data by encryption. Victims cannot use their files unless they decode them with decryption software, which can purchased from the cyber criminals who designed Xxxinstant. This ransomware is a new variant of another ransomware infection called Scarab.

This particular variant was discovered by Vitali Kremez. Xxxinstant renames all encrypted files, giving them a random filename and changing extensions to ".xxxinstant". For example, "1.jpg" might be renamed to a filename such as "1.jpg.sPnwCt8=JQr1DEZovSWcI4AqMsHjccF7wFO35A.xxxinstant".

Furthermore, it creates a text file (ransom message) called "RECOVER ENCRYPTED FILES.TXT". If victims try to open Task Manager when Xxxinstant is encrypting files, the ransomware terminates it.

What is PhobosImposter?

Discovered by MalwareHunterTeam, PhobosImposter is malicious software categorized as ransomware. It also emulates Phobos ransomware. PhobosImposter is designed to encrypt data and keep it locked, until a ransom is paid. During the encryption process, all files are renamed with the ".phobos" extension.

Therefore, "1.jpg" becomes "1.jpg.phobos", and so on for all compromised files. After this process is complete, PhobosImposter creates a text file ("Restore-My-Files.txt) and stores it in each affected folder.

What is Qbit System Care?

Qbit System Care (or Qbit ~System Care) is a potentially unwanted application (PUA) designed to clean, optimize, and speed up Windows computers. It is categorized as a PUA due to the method that developers use to distribute it - they include Qbit System Care into the set-ups of other programs.

Typically, people agree with offers to download and/or install this additional software inadvertently or unintentionally. Research shows that Qbit System Care advertises another PUA called Driver Updater.

What is "apple.com-mac-optimizer[.]live"?

apple.com-mac-optimizer[.]live is a scam website, which uses scare-tactics to trick people into installing the Cleanup My Mac application. When accessed, it alerts visitors of various threats it has detected and promotes the app to eliminate them. Note that no website can detect infections/issues present on devices.

Therefore, any 'threats' these sites claim to find are fake. Do not download/install software endorsed on these pages, since it is often bogus and nonoperational. In most cases, apple.com-mac-optimizer[.]live is entered through redirects caused by Potentially Unwanted Applications (PUAs) already present on the device.

What is Mockba?

Mockba encrypts files, renames them by adding the ".mockba" extension to filenames (e.g. "1.jpg" becomes "1.jpg.mockba"), and creates a ransom message within the "# HOW TO RECOVER YOUR DATA #.txt" text file. Software of this type is known as ransomware.

These malicious programs are used to block access to data unless victims pay a ransom. Therefore, victims of ransomware attacks are forced to purchase decryption tools and/or keys.

What is "Firdayfun"?

Firdayfun is a family of scam websites designed to promote untrustworthy software. This variation promotes Smart Mac Booster, a dubious application categorized as a Potentially Unwanted Application (PUA). Deceptive/Scam sites typically use scare tactics to encourage visitors into downloading/installing the products they endorse.

Firdayfun displays virus detection alarms and urges people to install Smart Mac Booster. No website is capable of detecting threats/issues on devices.

Therefore, all viruses/malware they claim to find are fake. Additionally, the software promoted on these web pages is usually bogus and nonfunctional. In most cases, Firdayfun is opened by PUAs already present on the system.

What is DavesSmith?

DavesSmith (also known as Balaclava) is malicious software classified as ransomware. It is designed to encrypt data and demand ransom payments for decryption. There are two known variants of this ransomware.

During the encryption process, all files are appended with the developer's email address: one version adds ".daves.smith@aol.com", and the other, ".[daves.smith@aol.com]". For example, "1.jpg" might be renamed as "1.jpg.daves.smith@aol.com" or "1.jpg.[daves.smith@aol.com]".

After this process is complete, DavesSmith stores an HTML file ("HOW_RECOVER.html") or a text file ("RECOVERY FILE.txt") in each affected folder.

What is My Flight Finder?

My Flight Finder is advertised as an app that allows users to access websites, which provide information about the flights of various airlines. In fact, it operates as a browser hijacker, changing browser settings and gathering information.

Typically, people do not download or install apps of this type intentionally and, for this reason, My Flight Finder is classified as potentially unwanted application (PUA).

Furthermore, developers distribute it with another PUA called Hide My Searches. Therefore, it is very likely that people who have installed My Flight Finder, also have Hide My Searches installed on their systems.

What is The PC Power?

The PC Power is software endorsed as a system cleaner and optimizer. It is allegedly capable of freeing up storage space, detecting and removing unnecessary files, malware, spyware, adware, and other threats/issues. Due to its dubious proliferation methods, it is categorized as a Potentially Unwanted Application (PUA).

The PC Power has a promotional website, from which a trial version can be downloaded free of charge and the full version purchased, however, it can also be inadvertently installed together with other programs. This deceptive marketing tactic of pre-packing regular software with unwanted content is called "bundling".

What is Derp?

Derp is malicious software categorized as ransomware. Derp is a part of a ransomware family called Djvu. Like most programs of this type, it encrypts files so that victims cannot access or use them unless they pay ransoms to cyber criminals. Furthermore, Derp renames all encrypted files by changing their extensions to ".derp".

For example, "1.jpg" becomes "1.jpg.derp". It also creates a text files named "_readme.txt" and stores a copy in every folder that contains encrypted data.