Virus and Spyware Removal Guides, uninstall instructions

What is "MM Player"?

MM Player is presented as a high performance video player for MacOS systems. This may seem to be a legitimate application, however, it is promoted through a website from which it can be downloaded. Developers also distribute it using the "bundling" method.

Apps proliferated in this way are categorized as potentially unwanted applications (PUAs). Typically, people install PUAs unintentionally. Furthermore, MM Player's installer also promotes PUAs (adware-type apps) using the "bundling" method.

What is search.getpdftotal.com?

search.getpdftotal.com is another fake search engine that supposedly enhances the browsing experience by generating improved results and allowing conversion of PDF files to other formats.

Note that the appearance of search.getpdftotal.com suggests that this website is legitimate and useful, however, developers promote this fake search engine using a browser-hijacking potentially unwanted application (PUA) called PDF Total. This PUA typically infiltrates systems without users’ permission.

Furthermore, search.getpdftotal.com and PDF Total record information relating to browsing activity.

What is Frendi?

Discovered by Jakub Kroustek, Frendi is another variant of Phobos and one of many programs categorized as ransomware. Like most computer infections of this type, Frendi is designed to encrypt data (block access to files) and create ransom messages.

In this case, it displays a pop-up window and generates the "Encrypted.txt" text file. It also adds the ".Frendi" extension to each encrypted file. For example, "1.jpg" becomes "1.jpg.ID-1E857D00.[tlalipidas1978@aol.com].Frendi" (it adds the extension plus a unique ID and email address).

What is search.hdirectionsandmapstab.com?

search.hdirectionsandmapstab.com is another deceptive website presented as a high quality search engine that supposedly enhances the browsing experience by generating the most relevant results and allowing access to various popular websites.

Judging on appearance alone, search.hdirectionsandmapstab.com may seem legitimate and useful, however, this site is promoted using a browser-hijacking program called Directions And MapsTab. This app supposedly provides driving directions and usually infiltrates computers without users’ permission.

Note that Directions And MapsTab modifies browser options. Furthermore, search.hdirectionsandmapstab.com and Directions And MapsTab record information relating to browsing activity.

What is Target777?

Target777 is a ransomware-type program also known as Defray777. Developers distribute it so that they can blackmail people - the program encrypts files and keeps them in that state until a ransom is paid to cyber criminals. Target777 developers target mostly companies rather than regular users.

Ransomware-type programs usually rename encrypted files by adding a new extension. In this case, Target777 adds an extension that contains ".777" plus the targeted company's name. For example, with a company name of "Blue Sky", a file called "1.jpg" is renamed by Target777 to "1.jpg.BS777".

This ransomware creates the "ReadMeHowToDeCryptFiles!" text file (ransom message) and names it after the company as follows: "!BlueSky_ReadMeHowToDeCryptFiles!".

What is search.searchfch.com?

search.searchfch.com is a fake search engine that supposedly enhances the browsing experience by generating improved results and providing quick access to various popular websites (Yahoo, Facebook, Gmail, etc.).

On initial inspection, search.searchfch.com may seem legitimate and useful, however, this site is promoted using a browser-hijacking app called Free Converter Hub, which supposedly allows conversion of various file types. In most cases, Free Converter Hub infiltrates systems without users’ permission.

Furthermore, this potentially unwanted application (PUA) and search.searchfch.com continually record data relating to browsing activity.

What is "apple.com-cleaning-os.live"?

apple.com-cleaning-os.live is a rogue, deceptive website that promotes various potentially unwanted applications (PUAs). At time of research, it performed this by displaying a fake virus alert message. Ironically, people are forced to visit this website when they already have other PUAs installed.

Therefore, it is very likely that no users visit apple.com-cleaning-os.live intentionally. Once installed, these apps also deliver advertisements and collect browsing-related information.

What is CrazyCrypt?

CrazyCrypt is a ransomware-type virus discovered by MalwareHunterTeam. Following successful infiltration, CrazyCrypt encrypts most stored files and appends filenames with the ".crazy" extension, the victim's unique ID, and developer's email address.

For instance, "sample.jpg" is renamed to "sample.jpg.id.1E857D00.[crazydecrypt@horsef**ker.org].crazy". Once data is encrypted, CrazyCrypt opens a pop-up window and places the "FILES ENCRYPTED.txt" file on the desktop.

What is Cripton?

Cripton is a new version of Creeper ransomware. This is a program that cyber criminals (the developers) use to blackmail people. Once a computer is infected, Cripton encrypts all data stored on the system (making files unusable) and generates a ransom message within a file called "DECRYPT_MY_FILES.txt".

It also renames all encrypted files by adding a new ".cripton" extension. For example, "1.jpg" becomes "1.jpg.cripton". Other variants of Creeper ransomware add the "cripper" and "crypton" extensions and their ransom messages are virtually identical to Cripton's. This particular ransomware was discovered by Amigo-A.

What is getofficex.org?

getofficex.org (or newtab.getofficex.org) is a fake search engine that is promoted through a browser hijacker, a potentially unwanted application (PUA) called OfficeX. Typically, search engines that are promoted using apps of this type cannot be trusted.

According to OfficeX's developers, this app provides easy access to various documents and the ability to create them directly from the browser, however, most people do not install these applications intentionally. In most cases, they are tricked into doing so.

When installed, OfficeX collects user-information and modifies browser settings. The same applies to the getofficex.org search engine.