Virus and Spyware Removal Guides, uninstall instructions

What is "Pricewaterhouse Coopers Email Virus"?

"Pricewaterhouse Coopers" is classified a spam email campaign used to proliferate the TrickBot trojan, a high-risk virus. Typically, these emails contain an attached file (document) and are sent to many people. Cyber criminals present these emails as legitimate and important in attempts to trick people into opening the attachments.

What is "My nickname in darknet Email Scam"?

Scammers use the "My nickname in darknet Email Scam" spam email campaign to trick people into paying money by making threats.

Generally, they claim that they have obtained a compromising video or image of the recipient and that they will proliferate this material if their ransom demands are not met. If you have received one of these emails, there is nothing to worry about, it is just a scam.

What is hmining.mobi?

hmining.mobi is a fake search engine identical to searchshp.com, searchp.icu, homesweeklies.com, and many others. By offering improved results and quick access to various popular websites, hmining.mobi attempts to give the impression of legitimacy, however, developers promote this site using rogue download/installation set-ups that modify browser options without permission. In addition, hmining.mobi causes unwanted redirects and gathers sensitive data.

What is whateveryf.info?

whatevery.info is a rogue website similar to ariocroft.com, mansubscribe.com, incomingnow.com, and many others. It redirects visitors to dubious, untrustworthy websites. In most cases, potentially unwanted applications (PUAs) cause these redirects. Therefore, users often visit whatevery.information inadvertently. Generally, PUAs are installed unintentionally, and then deliver intrusive advertisements and collect data.

What is bestsearch.live?

There are many fake search engines that are very similar or even identical to bestsearch.live including, for example, searchp.icu and search.chunckapp.com. In most cases, developers promote these search engines as being 'useful and legitimate', offering an enhanced browsing experience and improved search results.

Although this site may seem to be a reputable search engine, it is promoted using browser-hijacking downloaders and installers that make changes to browser settings without users' permission. Furthermore, bestsearch.live records information relating to users' browsing habits and activity.

What is CommonRansom?

Discovered by Michael Gillespie, CommonRansom is high-risk ransomware that stealthily infiltrates systems and encrypts most stored data. It appends filenames with the ".[old@nuke.africa].CommonRansom" extension (e.g., "sample.jpg" is renamed to "sample.jpg.[old@nuke.africa].CommonRansom").

Encrypted data immediately becomes unusable. Yet, encryption is not the only feature of CommonRansom - this malware creates a text file ("DECRYPTING.txt"), which is placed in every existing folder. The file contains a ransom-demand message.

What is xxxxx ransomware?

Xxxxx is a high-risk ransomware-type virus that affects systems by encrypting (locking) most/all files stored on the system. This ransomware belongs to the Dharma ransomware family and was discovered by Jakub Kroustek. Once files are encrypted, xxxxx changes their names by adding the ".xxxxx" extension plus an email address and a unique ID.

For example, a file named "sample.jpg", might become "sample.jpg.id-1E857D00.[syndicateXXX@aol.com].xxxxx" after decryption. Furthermore, this virus places the "FILES ENCRYPTED.txt" text file in each folder that contains encrypted files.

What is Qweuirtksd?

Qweuirtksd is another ransomware virus discovered by Michael Gillespie. Following successful infiltration, Qweuirtksd encrypts most stored data using AES-128 cryptography. Therefore, compromised files immediately become unusable. During encryption, this malware appends a random string (".qweuirtksd") to each filename.

For example, "1.jpg" is renamed to "1.jpg.qweuirtksd". As well as encrypting files, Qweuirtksd generates a text file ("!!!ReadMeToDecrypt.txt") and places a copy in every existing folder. The new text file provides information regarding the current situation following encryption.

What is search.coolmediatabsearch.com?

There are many various fake search engines similar to search.coolmediatabsearch.com, including funmediatabsearch.com, smartmediatabsearch.com, futuremediatabsearch.com, etc. All are promoted as useful and legitimate search engines with various additional features.

In fact, like many similar search engines, search.coolmediatabsearch.com is promoted using a browser hijacker - in this case, Cool Media Tab, which is categorized as potentially unwanted application (PUA), since it collects data relating to users' browsing activity. The search.coolmediatabsearch.com search engine also collects data.

What kind of scam is "Error # 0xx90025ee9"?

"Error # 0xx90025ee9" is a fake error message, a security warning similar to many other fake messages such as Error Code :S112276, MS-SYSINFO32, System Firewall Has Blocked Some Features, etc.

Typically, fake error messages (or others) appear on untrustworthy, deceptive web pages. In most cases, users visit these sites unintentionally - they are redirected to them by potentially unwanted applications (PUAs) or intrusive ads. Users often install PUAs inadvertently.

The apps can lead to deceptive/untrustworthy websites, deliver ads, and record data relating to users' browsing activity.