Virus and Spyware Removal Guides, uninstall instructions

What is ExileRat?

ExileRat is a trojan-type remote access tool distributed by cyber criminals. At time of research, cyber criminals proliferated ExileRat using a spam email campaign that targets only Tibetan Supporters. The deceptive email contains a malicious Microsoft PowerPoint document that, once opened, injects ExileRat into the system by exploiting a Microsoft Office vulnerability.

What is weknow.start.me?

Weknow.start.me is a new variant of weknow.ac, it is a fake search engine that is promoted as legitimate. According to its developers, weknow.start.me supposed to provide its users with an enhanced browsing experience (improved search results, faster searches and so on).

This search engine is promoted using rogue downloaders/installers (download/installation set-ups) that are designed to modify browser's settings. Moreover, it also gathers information related to its user's browsing habits. It is worth mentioning that start.me itself is a legitimate domain that is being used by weknow.start.me fake search engine's developers.

What is "My Mac Speedup"?

Developers claim that My Mac Speedup (also known as Speedup My Mac) is a legitimate app that fixes, cleans, and improves the performance of Mac computers.

This app is promoted to optimize MacOS operating systems, however, it is known as a potentially unwanted application (PUA), since it is promoted and distributed using the "bundling" method. Therefore, most people install My Mac Speedup inadvertently.

What kind of malware is CryptoStealer?

CryptoStealer is a generic name for viruses that steal crypto-currencies and cryptocurrency wallets. During the last few years, cryptomining has become very popular, especially after Bitcoin's success in the last quarter of 2017. This drew much attention and investment in the currency.

Cyber criminals also took an interest in the currency as a convenient way to generate revenue, especially since the transactions are anonymous.

These people began stealing cryptocurrencies using various techniques including hijacking poorly-protected websites (modifying website content by changing the owner's cryptowallet address to their own) and development of high-risk malware that steals account credentials and performs other malicious actions.

What is search.elifaint.com?

There are hundreds of fake search engines on the internet, including search.elifaint.com (or searchv.elifaint.com). Although developers present this site as legitimate and promote it by offering an enhanced browsing experience, do not use it.

This search engine is distributed via rogue downloaders/installers that usually change default browser settings. Furthermore, search.elifaint.com records browsing-related information and potentially other data.

What is Pluto?

Pluto is one of many ransomware-type viruses discovered by malware security researcher, Michael Gillespie. Following successful infiltration, Pluto encrypts most stored files and appends filenames with the ".pluto" extension (e.g., "sample.jpg" is renamed to "sample.jpg.pluto").

Once encryption is complete, Pluto generates a text file ("!!!READ_IT!!!.txt") that contains a ransom-demand message. Another variants of this ransomware use ".Neptune" and ".mecury" extensions for encrypted files.

What is search.ranimaker.com?

search.ranimaker.com is categorized as a fake search engine and is virtually identical to search.fegline.com, search.blueslaluz.com, search.getmybestyear.com, and many others.

Developers present this as a legitimate and useful tool, however, this search engine records browsing-related and other data. Furthermore, developers promote search.ranimaker.com using rogue downloaders/installers that modify browser settings.

What kind of malware is FileSlack?

Discovered by Michael Gillespie, The FileSlack program is categorized as ransomware. Like most ransomware-type computer infections, FileSlack is used by cyber criminals who attempt to encrypt users' data (stored on computers) and make ransom demands.

Once installed, FileSlack renames all encrypted files by adding the ".FileSlack" extension (e.g. "1.jpg" becomes "1.jpg.FileSlack") and generates a ransom message within the "Readme_Restore_Files.txt" text file.

What is "Speakup"?

Speakup is a high-risk trojan designed to target Linux and MacOS operating systems. This malware is used to proliferate cryptomining applications and misuse infected systems to mine cryptocurrencies without the device owner's consent. Although Speakup typically targets Linux servers, in some cases, it also infects other systems.

The presence of Speakup significantly diminishes computer performance and poses a threat to the hardware.

What is CryCipher?

Discovered by GrujaRS, CryCipher is another ransomware-type computer infection that cyber criminals have developed to encrypt data stored on victims' computers and urge them pay ransoms. I.e. to blackmail people with computers infected by this ransomware.

Once it infiltrates the system, CryCipher generates the "Readme_now.txt" file and automatically opens it. CryCipher also renames each encrypted file by adding the ".locked" extension. For example, "1.jpg" becomes "1.jpg.locked".