Virus and Spyware Removal Guides, uninstall instructions

What is MTP?

Discovered by Michael Gillespie, MTP belongs to the GlobeImposter ransomware family. This program is designed to encrypt data stored on victims' computers and allows cyber criminals (MTP's developers) to make ransom demands via an HTML file called "how_to_back_files.html".

MTP victims should be able to find this file (ransom message) in all folders that contain encrypted files. Each encrypted file is renamed - MTP adds the ".{mattpear@protonmail.com}MTP" extension. For example, "1.jpg" becomes "1.jpg.{mattpear@protonmail.com}MTP" after encryption.

What is Kitty?

Kitty is another ransomware-type virus discovered by Emanual_ADC-Soft and belonging to the Scarab ransomware family. Following successful infiltration, Kitty encrypts most stored data, thereby rendering it unusable.

During encryption, Kitty renames compromised files by appending the ".kitty" extension (e.g., "sample.jpg" is renamed to "sample.jpg.kitty"). In addition to encrypting files, Kitty generates a text file ("HOW-TO-RESTORE-FILES.txt") and places a copy in each existing folder.

What is Promock?

Promock is a malicious program that belongs to the Djvu ransomware family. Cyber criminals use ransomware-type programs to blackmail their victims. They use them to encrypt data stored on computers (rendering files unusable) and keep it in that state unless a ransom is paid.

Promock creates a ransom message within a "_readme.txt" file, which victims can find in each folder containing encrypted files. It also renames every file by adding the ".promock" extension. For instance, "1.jpg", is renamed by Promock to "1.jpg.promock".

What is "PORNOGRAPHIC VIRUS ALERT FROM MICROSOFT"?

"PORNOGRAPHIC VIRUS ALERT TO MICROSOFT" is a scam promoted using a deceptive, dubious website, which opens a pop-up window displaying a fake virus alert. Most people end up visiting these websites due to potentially unwanted applications (PUAs) that they have installed on their browsers or operating systems.

Generally, people cause installation of these PUAs unintentionally. When installed, PUAs cause redirects to deceptive websites, display intrusive ads, and collect browsing-related information.

What is ICP?

ICP is a newly-discovered ransomware-type infection designed to stealthily infiltrate computers and compromise data by encryption.

In doing so, ICP renames each encrypted file by appending the ".icp" extension. For instance, "sample.jpg" is renamed to "sample.jpg.icp". As well as compromising data (and rendering it unusable), ICP generates a text file called "Restore_ICPICP_Files.txt" and places a copy in every existing folder.

What is search.hloginhelper.co?

search.hloginhelper.co is a fake search engine identical to search.searchnewvfr.com, search.hgetnewsfast.com, search.hhighdefinitionradioplayer.com, and many others. Developers claim that search.hloginhelper.co significantly enhances the browsing experience by generating improved results and providing quick access to various popular websites.

These claims often trick users into believing that search.hloginhelper.co is legitimate and useful, however, developers promote this website using a browser-hijacking app called Login Helper.

In most cases, this potentially unwanted application (PUA) infiltrates computers without users’ permission and modifies browser settings. Note also that search.hloginhelper.co (and Login Helper) monitor browsing activity by recording user-system information.

What is search.searchnewvfr.com?

Identical to search.hpackage-manager.net, search.hfindyourrecipe.com, search.hroutefinder.net, and many others, search.searchnewvfr.com is a fake search engine that supposedly generates improved results and provides quick access to various popular websites.

Judging on appearance alone, search.searchnewvfr.com may seem legitimate and useful, however, developers promote the site by employing a browser hijacker called Find Free Recipes. This potentially unwanted application (PUA) usually infiltrates computers without permission.

Be aware that search.searchnewvfr.com and Find Free Recipes record user-system information relating to browsing activity.

What is "myntre.org"?

myntre.org is a deceptive website used by scammers who attempt to trick people into believing that they can win a Samsung Galaxy S9 or Apple iPhone XS smartphone.

Most people visit websites of this type unintentionally, since they are redirected by potentially unwanted applications (PUAs) - in this case, by adware-type apps. These apps usually deploy advertisements, gather information, and cause redirects to untrustworthy websites.

What is Promorad?

Promorad is another variant of high-risk ransomware called Djvu. After successful infiltration, Promorad encrypts most stored files. In doing so, this ransomware appends filenames with the ".promorad" extension. For instance, "sample.jpg" is renamed to "sample.jpg.promorad".

As well as encrypting data, Promorad creates a text file (named "_readme.txt") and places a copy in every existing folder. Updated variants of this ransomware use the ".promorad2" extension for encrypted files.

What is search.hgetnewsfast.com?

search.hgetnewsfast.com is a typical fake search engine that, according to its developers, is supposedly useful. In fact, fake search engines of this type should not be trusted. This site is promoted using a browser hijacker called Get News Fast that supposedly provides users with access to various news and live streaming websites.

In fact, this app is categorized as a potentially unwanted application (PUA) that, once installed, modifies browser settings and, together with its associated fake search engine, collects browsing-related information.