Virus and Spyware Removal Guides, uninstall instructions

What is search.kiboletshual.com?

Developers present search.kiboletshual.com as an Internet search engine that supposedly enhances the Internet browsing experience by generating better search results.

These claims often trick users into believing that this website is legitimate and useful, however, search.kiboletshual.com continually gathers various information relating to Internet browsing activity. Furthermore, developers promote it via rogue downloaders/installers designed to modify web browser settings without users' consent.

What is ProductEvent?

ProductEvent supposedly helps users to obtain accurate search results and enhances the browsing experience in other ways. In fact, this app is categorized as adware, a potentially unwanted application (PUA). Most adware-type apps serve advertisements, however, they sometimes gather various user details.

In most cases, people download and install adware (and other PUAs) inadvertently.

What is Get Directions Now?

Get Directions Now is a rogue application advertised for easy access to various maps and driving route content. It is supposedly capable of providing maps, driving directions, local traffic news, etc.

In fact, it is categorized as a browser hijacker, since it makes unauthorized changes to browsers and promotes a fake search engine (search.getdirectionsnowtab.com). Furthermore, Get Directions Now monitors browsing activity. This app is also classed as a Potentially Unwanted Application (PUA), since most users install it inadvertently.

What is CASH?

CASH is malicious software belonging to the Crysis/Dharma malware family. Discovered by Jakub Kroustek, this program is classified as ransomware. It operates by encrypting data and denying access until a ransom is paid. As CASH encrypts files, it renames them with the victim's unique ID number, developer's email address, and the ".CASH" extension.

For example, "1.jpg" might be renamed to "1.jpg.id-1E857D00.[cryptocash@aol.com].CASH". After encryption, CASH creates a text file "FILES ENCRYPTED.txt" on the affected user's desktop. Additionally, CASH opens a pop-up window.

What is Sapphire?

Discovered by MalwareHunterTeam, Sapphire ransomware encrypts data and displays a pop-up window containing a ransom message with decryption instructions. It renames encrypted files by adding the ".sapphire" extension to filenames. For example, "1.jpg" becomes "1.jpg.sapphire". To decrypt their files, victims are asked to pay a specific cryptocurrency sum.

What is 0fficial[.]info?

0fficial[.]info is a scam website used to endorse the Cleanup My Mac application (however, it is actually presented as "MacCleaner"). This site uses scare-tactics to encourage users into installing its promoted Potentially Unwanted Application (PUA).

The 0fficial[.]info web page warns visitors that it has detected various 'threats' and gives instructions on how to remove them. Websites of this type should not be trusted. Do not install any apps that they advertise. These scams generally promote fake and nonoperational applications.

Few users access this site intentionally - most are redirected by intrusive advertisements or PUAs already present on their devices.

What is ManagerPages?

ManagerPages is an application that supposedly makes everyday browsing easier, however, rather than operating as a useful tool, it feeds users with unwanted ads.

This software is classified as adware and a potentially unwanted application (PUA). Most people download and install apps of this type unintentionally. Furthermore, PUAs often gather data relating to users' browsing habits. We recommend that you uninstall ManagerPages and other adware immediately.

What is Bguu?

Discovered by MalwareHunterTeam, Bguu is malicious software based on an open-source ransomware project called Hidden Tear. It is designed to encrypt files and keep them locked until a ransom is paid (decryption software/tool is purchased). As the encryption is in progress, this program renames files with the Bguu developer's email address and the ".bguu" extension.

For example, "1.jpg" becomes "1.jpg.[paymebtc@protonmail.com].bguu". After the process is complete, Bguu stores a text file called "HACKED.txt" on the Desktop and changes the wallpaper to state, "You Files Have Been Encrypted .".

What kind of malware is Veracrypt?

Veracrypt is a Russian offline version of a ransomware-type program that belong to the Aurora ransomware family. This particular ransomware was discovered by MalwareHunterTeam. It encrypts files, renames them, and creates three identical ransom messages.

Veracrypt renames files by adding the ".veracrypt" extension to filenames (e.g. "1.jpg" becomes "1.jpg.veracrypt") and creates three text files ("@@_ATTENTION_@@.txt", "@@_README_@@.txt", and "@@_RECOVERY_@@.txt"), which contain identical ransom messages.

What is Reco?

Reco is malicious software belonging to the Djvu ransomware family. This program operates by encrypting data and denying access until a ransom is paid (i.e., until a decryption tool/software is purchased). When this ransomware encrypts data, it renames files with the ".reco" extension.

Therefore, "1.jpg" becomes "1.jpg.reco". Once this process is complete, Reco creates a "_readme.txt" text file, which contains the ransom message.