Virus and Spyware Removal Guides, uninstall instructions

What is hp.myway.com?

MapMyWayFree is yet another rogue application released by Mindspark Interactive Network. It is endorsed for quick access to maps, routes, and traffic-related content. It is supposedly capable of providing maps, driving directions, traffic reports, public transport fares, car services, etc.

Due to most users installing this app inadvertently, it is classified as a Potentially Unwanted Application (PUA). MapMyWayFree operates as a browser hijacker by making unauthorized changes to browsers and promoting hp.myway.com, a fake search engine. Furthermore, it has data tracking capabilities and employs them to monitor users' browsing habits.

What is security5service[.]com?

security5service[.]com is the address of a deceptive website. This site targets mainly iPhone and iPad users, however, websites of this type are often opened by other Apple products.

Scammers use the site to trick people into downloading and installing a dubious application designed to remove malware, which security5service[.]com has supposedly detected on the device. These sites are opened through other dubious web pages, clicked rogue ads, or potentially unwanted applications (PUAs) that are installed on browsers or computers.

What is SystemJump?

SystemJump is endorsed as an app supposedly capable of enhancing the browsing experience by providing fast searches, accurate search results, etc. In fact, it behaves as adware. Adware-type apps operate by delivering intrusive advertisement campaigns (they display various unwanted ads).

Due to its dubious distribution methods, SystemJump is categorized as a Potentially Unwanted Application (PUA). Note that most apps of this type have data tracking capabilities.

What is MedusaLocker?

Discovered by MalwareHunterTeam, MedusaLocker is malicious software, which is classified as ransomware. It operates by encrypting files and keeping them inaccessible until a ransom is paid (i.e. the decryption software/tool is purchased). During the encryption process, all files are renamed with the ".encrypted" extension.

For example, "1.jpg" becomes "1.jpg.encrypted". Once data is encrypted, MedusaLocker stores an HTML file ("HOW_TO_RECOVER_DATA.html") containing a ransom message on the victim's desktop.

Other variants of this ransomware use the ".bomber", ".boroff", ".breakingbad", ".locker16", ".newlock", ".nlocker", ".skynet", ".deadfiles", ".abstergo", ".himynameisransom", ".ReadInstructions", ".EG", ".decrypme", ".ReadTheInstructions", and ".READINSTRUCTIONS" extensions for encrypted files.

What is prize-mania[.]mobi?

prize-mania[.]mobi is an untrustworthy website, which redirects visitors to other sites of this kind or displays dubious content. Generally, people do not visit/open prize-mania[.]mobi intentionally - in most cases, browsers open these web pages when a potentially unwanted application (PUA) is installed.

Typically, PUAs force browsers to open dubious web pages and display ads. Furthermore, they often gather information relating to users. Other examples of sites similar to prize-mania[.]mobi include sentfromfriend[.]com, allwebdesignesu[.]info, and pushs-veriprt[.]com.

What is Mon-thu?

Mon-thu is a family of many untrustworthy web pages that deceptively advertise dubious applications. Mon-thu tricks people into believing that their Mac computers are infected with viruses and encourages them to download and install the Smart Mac Booster app (or other similar apps).

Websites of this type and apps promoted on them should never be trusted. Browsers usually open these web pages due to potentially unwanted applications (PUAs) installed on them. PUAs can cause redirects to dubious pages, display unwanted ads, and gather information relating to users.

What is oo7?

Discovered by Jakub Kroustek, this ransomware belongs to the Crysis/Dharma malware family. oo7 is designed to encrypt data and keep it locked, until a ransom is paid (i.e. until the decryption tool is purchased). During the encryption process, files are renamed with the victim's unique ID number, developer's email address, and the ".oo7" extension.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[b1tc01n@aol.com].oo7". Once the process is complete, a text file called "FILES ENCRYPTED.txt" is stored on the desktop and a pop-up window is displayed.

What kind of malware is AppleJeus?

AppleJeus is the name of backdoor malware that was distributed by the Lazarus group. They spread this malicious software through a fake app disguised as a cryptocurrency trading application called Celas Trade Pro.

There is now a new trojanized cryptocurrency trading app called JMT Trader that operates in a similar manner - it installs the AppleJeus backdoor trojan on the victim's computer. JMT Trader can be installed on Windows and MacOS computers.

What is Leto?

Leto is malicious software, belonging to the Djvu ransomware family. It operates by encrypting data and keeping it locked until a ransom is paid (i.e., decryption software/tool and a unique key are purchased). As Leto encrypts, it renames all files by adding the ".leto extension.

For example, a file named "1.jpg" will appear as "1.jpg.leto", and so on. After the process is complete, a text file called "_readme.txt" is stored on the desktop.

What is Cobain?

Discovered by dnwls0719, Cobain is malicious software classified as ransomware. Cobain originates from another ransomware infection called Hermes837. It is designed to encrypt data and keep it inaccessible until a ransom is paid (i.e. until the decryption software/tool and private key is purchased).

During the encryption process, all files are renamed with the ".cobain" extension. Therefore, "1.jpg" becomes "1.jpg.cobain". After the process is complete, a text file - "!!!READ_ME!!!.txt" containing the ransom message is stored on the affected user's desktop.