Virus and Spyware Removal Guides, uninstall instructions

What is TotalRecipeSearch?

Developed by Mindspark Interactive Network, TotalRecipeSearch is a browser-hijacking app that supposedly allows access to food recipes.

Judging on appearance alone, TotalRecipeSearch may seem legitimate, however, it is categorized as a potentially unwanted application (PUA) and a browser hijacker, since it often infiltrates computers without permission. Additionally, TotalRecipeSearch promotes a fake search engine (myway.com) and might also track browsing activity.

What is CyberGate?

CyberGate is one of many remote access tools (RATs) that allow users to control other connected computers remotely. Cyber criminals often use these programs for malicious purposes such as to steal personal, sensitive information and misuse it to generate revenue. People who have computers infected with programs such as CyberGate should uninstall them immediately.

What is EasyWay?

EasyWay supposedly allows users to quickly search for places, get directions, and see live maps directly from a new browser tab or window. This app may seem to be a legitimate tool, however, it is a browser hijacker that changes settings and collects user-information.

Since most people download and install EasyWay unintentionally, it is categorized as a potentially unwanted application (PUA).

What is inspiranius[.]com?

inspiranius[.]com is a rogue site, similar to lesindingretne.info, prioritynotifications.com, dingboronhartal.pro, and others. It redirects users to other compromised and/or potentially harmful sites, which proliferate dubious content. Using social engineering tactics, inspiranius[.]com tricks users into enabling notifications.

Once these are enabled, it launches an intrusive ad campaign. This site is mostly accessed unintentionally, by way of redirection from other rogue sites (opened by intrusive ads) or by PUAs (potentially unwanted applications).

Note that inspiranius[.]com checks visitors' IP (Internet protocol) addresses to determine their geolocations, which dictates the next course of action: it can redirect users to different sites and/or begin feeding them with dubious content. Therefore, visiting inspiranius[.]com can lead to malicious content and serious system infections.

What is Sakula?

Sakula is software categorized as a remote access trojan (RAT). Generally, programs of this type are used by cyber criminals to control infected computers remotely and perform tasks that enable them to generate revenue in various ways.

Typically, victims are unaware that the Sakula RAT is installed on their systems. RATs can cause serious problems and should be uninstalled immediately.

What is Coharos?

Coharos is yet another ransomware-type infection from the Djvu family. This malware is designed to stealthily infiltrate computers and encrypt most stored data. During encryption, Coharos appends each filename with the ".coharos" extension (hence its name).

For example, "sample.jpg" is renamed to "sample.jpg.coharos". Encrypted data immediately becomes unusable. Coharos also generates a "_readme.txt" text file and stores copies in most existing folders.

What kind of malware is DarkComet?

DarkComet is the name of a remote access/administration tool (RAT). Programs of this type are designed to control systems through a remote network connection. I.e., to control computers and perform various tasks remotely using another computer.

Cyber criminals often try to trick people into installing these programs and then use them with malicious intent. Having software such as DarkComet installed on your system can lead to serious problems, and therefore you are advised to uninstall it immediately.

What is Yoba?

Discovered by Alex Svirid, Yoba is categorized as ransomware. Ransomware-type programs are used to extort money from people with infected computers. They are designed to encrypt files and prevent access unless victims pay the ransom. Like most programs of this type, Yoba renames encrypted files and creates a ransom message.

The ransomware also renames files by adding an email address and the ".yoba" extension to the filenames. For example, "1.jpg" might be renamed to "1jpg.[mr.yoba@aol.com].yoba". The ransom message can be found in the text file named "!=How_recovery_files=!.txt".

What is 2k19cry?

Discovered by dnwls0719, 2k19cry is a part of the Paradise ransomware family (and similar to 2k19sys). These programs are designed to encrypt (lock) files and deny access to them unless a ransom is paid.

This particular ransomware renames all encrypted files by adding a random string of characters plus the victim's personal ID, an email address, and the ".2k19cry" extension to the filenames. For example, "1.jpg" might become "1.jpg_nJjMoz_{hannacry@p-security.li}.2k19cry".

In addition, 2k19cry displays the ransom message in a pop-up window and creates another in a text file named "-=###_INFO_you_FILE_###=-.txt".

What is Mtogas?

First discovered by Michael Gillespie and belonging to the Djvu ransomware family, Mtogas is yet another high-risk program. The purpose of this infection is to infiltrate computers and compromise data by encryption, keeping it this state unless a ransom is paid. Mtogas also renames each file by adding the ".mtogas" extension (for example, "1.jpg" becomes "1.jpg.mtogas").

Once Mtogas completes these file modifications, it generates a text file named "_readme.txt" and stores copies in all existing folders.