Virus and Spyware Removal Guides, uninstall instructions

What is Ursnif?

Ursnif (also known as Gozi, IFSB or Dreambot) is high-risk trojan-type virus designed to record various sensitive information. This virus typically infiltrates systems without permission, since developers proliferate it using spam email campaigns (e.g., "TicketSales Email Virus", "Swisscom Email Virus", etc.) and fake Adobe Flash Player updaters promoted via deceptive websites. These sites are notorious for the promotion of various adware-type applications.

What is Jimm?

Cyber criminals use Jimm ransomware to prevent victims from accessing their files by encrypting all data stored on the system. To decrypt their files, people are urged to pay a ransom (buy a decryption tool). This high-risk computer infection was discovered by Michael Gillespie and is a new variant of Snatch ransomware.

All files encrypted by Jimm are renamed by adding the ".jimm" extension. For example, "1.jpg" becomes "1.jpg.jimm". Victims should be able to find a ransom message within a text file called "Restore_JIMM_Files.txt" in each folder containing encrypted files.

What is "Osascript wants to control Safari"?

"Osascript wants to control Safari" is a fake operating system pop-up message used to trick MacOS users to allow "osascript" to control the Safari web browser. There are many adware-type apps that cause these pop-ups. Note that many users encounter this scam and it should not be trusted.

What is Golden Axe?

Golden Axe is a computer infection that was discovered by mol69 and categorized as ransomware. Cyber criminals use this infection to blackmail people: Golden Axe encrypts data stored on a computer, rendering it inaccessible unless a ransom is paid.

It creates "# instructions-X6DEV #.jpg" (a ransom message in the format of an image file), "# instructions-X6DEV #.txt" (a ransom demand text file), and "# instructions-X6DEV #.vbs" (an audio file).

These files are placed in folders that contain encrypted data. Golden Axe renames every encrypted file by adding a random extension. In our example, the ".X6DEV" extension (a random string as used in the above files). For example, "1.jpg" becomes "1.jpg.X6DEV".

What is "Smart Mac Booster"?

Smart Mac Booster is very similar to many other apps of this type, such as Auto Mac Booster, Auto Mac Speedup, and Speedup Mac Pro. This app supposedly operates as an optimization tool allowing users to find and fix various errors, clean Mac computers from unnecessary data, and improve MacOS operating system performance.

In fact, Smart Mac Booster is categorized as a potentially unwanted application (PUA) and is promoted using a deceptive (dubious) website and the "bundling" method. Thus, in many cases, people download and install this app unintentionally.

What is Klope?

Discovered by Michael Gillespie, Klope is yet another variant of high-risk ransomware called Djvu. This malware is designed to stealthily infiltrate computers and encrypt stored files. In doing so, Klope appends filenames with the ".klope" extension (for instance, "sample.jpg" is renamed to "sample.jpg.klope").

Encrypted data immediately becomes unusable. In addition to file encryption, Klope generates a text file called "_readme.txt" and places a copy in every existing folder. The new file contains a ransom-demand message.

What is search.tvnewtabsearch.com?

search.tvnewtabsearch.com is an example of the many fake search engines that can be found on the internet. It is presented as legitimate and useful, since developers offer an enhanced browsing experience, faster searches, more accurate search results, quick access to popular websites, and so on.

In fact, developers promote this site using a browser hijacker, a potentially unwanted application (PUA) called TVNewtab. Apps of this type adjust browser settings and gather various browsing-related data.

What is initdex.com?

initdex.com is one of many fake search engines that supposedly enhances the browsing experience by generating improved results and providing quick access to various popular websites.

Its appearance suggests that initdex.com is legitimate and useful, however, the site is promoted using rogue download/installation set-ups that modify browser options without users’ permission. Furthermore, initdex.com records various user-system information relating to browsing activity.

What is NG Player?

Belonging to the InstallCore adware family, NG Player is a rogue application presented as a high-end media player. Judging on appearance alone, NG Player may seem legitimate and useful, however, it often infiltrates systems without consent. In addition, this app gathers information and delivers various intrusive advertisements.

Therefore, NG Player is categorized as a potentially unwanted application (PUA) and adware.

What is Flowsurf?

Flowsurf is a rogue browser add-on developed by a company of the same name (Flowsurf Apps). Flowsurf claims to improve the quality of Internet searching by displaying advanced search results and adding other functions, however, this add-on employs a deceptive software marketing method called 'bundling' to stealthily install on Internet browsers without users' consent.

Bundling allows developers to distribute their applications together with other software and most users inadvertently install rogue browser extensions as a consequence of reckless downloading of free software from freeware download websites.

Although Flowsurf may appear to deliver useful and legitimate functionality, it is referred to as a browser hijacker, redirect virus, or a potentially unwanted program (PUP) due to its dubious behavior.

Following successful infiltration on Internet Explorer, Google Chrome, and Mozilla Firefox, Flowsurf diminishes Internet browser performance, modifies browser settings, generates intrusive online advertisements, and tracks users' Internet browsing activity.