Virus and Spyware Removal Guides, uninstall instructions

What is Ramnit?

Ramnit is a family of malware-distribution trojans. Depending on particular variants, anti-virus suites can detect Ramnit as "Win32/Ramnit.A" or "Win32/Ramnit.B". These viruses infiltrate systems without users' consent and open "backdoors" for other malware to infiltrate the system. Therefore, its presence typically leads to further computer infections.

What is Simple Package Tracker?

As its name suggests, the Simple Package Tracker application supposedly allows users to track their packages, which are delivered by carriers such as FedEx, USPS, UPS, DHL and Canada Post. In fact, Simple Package Tracker is a browser hijacker, an application that changes browser settings (to promote a fake search engine) and gathers various data.

Since most people download and install apps of this type inadvertently, they are categorized as potentially unwanted applications (PUAs). Furthermore, developers distribute Simple Package Tracker with another PUA named Hide My Searches. Therefore, people who installed Simple Package Tracker on their systems, probably also installed Hide My Searches.

What kind of malware is Poison Ivy?

Poison Ivy is software that can access and control connected computers remotely. Programs of this type are called remote access or administration tools (RATs), however, not all are legitimate and some people use them illegally. For example, many cyber criminals use RATs to steal personal information, distribute malware, and use them for other malicious purposes.

What is dredrewlaha[.]info?

dredrewlaha[.]info is a rogue website designed to redirect users to other untrustworthy and malicious sites, as well as feed them with dubious content. The website shares many similarities with lesindingretne.info, dancewithlittleredpony.com, clckworld.club and many other rogue sites.

User do not generally access dredrewlaha[.]info intentionally - they are redirected to it by other compromised sites through intrusive ads or PUAs (potentially unwanted applications). PUAs often infiltrate users' devices without permission, cause redirects, deliver intrusive advertisements, and monitor and gather information relating to users' browsing activity.

What kind of malware is NetWire?

NetWire (also known as Recam or NetWiredRC) is a malicious application and a remote access tool (RAT). Typically, people use RATs to access and control computers remotely. For example, these tools can be used legitimately by system administrators for accessing client computers, however, RATs can also be employed for malicious purposes.

Cyber criminals use them to steal sensitive data and information, proliferate (download/install) malware, and so on. Remote access tools that were not installed on intentionally should be removed immediately, otherwise they might lead to serious problems.

What is Quasar?

The Quasar tool allows users to remotely control other computers over a network. Software programs of this type are known as remote access tools (RATs). There both are legitimate and illegal RATs. Quasar is a legitimate tool, however, cyber criminals often use these tools for malicious purposes.

I.e., to steal personal information that could be used to generate revenue. If you suspect that Quasar is installed on the operating system (unintentionally), remove it immediately.

What is Nasoh?

First discovered by Michael Gillespie, Nasoh is one of many ransomware-type infections from the Djvu family. The purpose of this virus is to stealthily infiltrate computers and encrypt data so that developers can make ransom demands by offering paid recovery of files.

This ransomware is also designed to append each filename with the ".nasoh" extension (e.g., "sample.jpg" -> "sample.jpg.nasoh"). A text file named "_readme.txt" is also created, copies of which are stored in most existing folders. This text file contains a ransom-demand message.

What is rxlnd[.]com?

Similar to allowpush.club, check-out-this.site, exclusivenotifications.com, and others, rxlnd[.]com is a rogue website used to redirect visitors to other untrustworthy or malicious sites and proliferate dubious content. This website employs browser notifications, which, if allowed, begin an aggressive, intrusive advertisement campaign.

Visitors to rxlnd[.]com rarely access the site willingly - they are redirected to it by other untrustworthy sites, suspicious ads, or by PUAs (potentially unwanted applications). PUAs are often installed inadvertently and can be responsible for unauthorized redirects, intrusive ad campaigns, and data gathering.

What is searcreetch.com?

searcreetch.com is very similar to searchmine.net, chumsearch.com, and weknow.ac. This is the address of a fake search engine. Typically, search engines of this type are supposedly useful and provide accurate results, fast searches, and so on. They often contain links to web pages such as Facebook, Twitter, YouTube, etc.

In fact, developers promote searcreetch.com through the installer of a fake Flash Player. Furthermore, they use searcreetch.com to gather various information about people who visit the site.

What is GenerelOpen?

The GenerelOpen app supposedly allows people to search more efficiently, however, research shows that it operates as an adware-type app. Adware is software that feeds users with intrusive advertisements. These apps sometimes also collect information relating to users' browsing habits.

In most cases, people download and install adware unintentionally, and for this reason, GenerelOpen is also known as a potentially unwanted application (PUA).