Virus and Spyware Removal Guides, uninstall instructions

What is search.maps2go.net?

search.maps2go.net is similar to many other fake search engines such as search.regevpop.com, search-operator.com, and search.tapufind.com. These are just some examples. Developers promote this site as a useful search engine that is capable of providing an enhanced browsing experience with improved results, faster searches, and so on.

The search.maps2go.net site is promoted using rogue downloaders/installers that adjust browser settings. Furthermore, this search engine gathers data relating to users' browsing activities.

What is RogueRobin?

RogueRobin is a high-risk trojan developed and proliferated by a hacker group called DarkHydrus. In most cases, this trojan is distributed using spam email campaigns that deliver malicious attachments (typically, Microsoft Excel documents).

After successful system infiltration, RogueRobin connects to a remote server, downloads a text file, and runs a number of commands listed within that file.

What is search.sprintfair.com ?

search.sprintfair.com is a fake search engine that is very similar to other search engines of this type (e.g., search.regevpop.com, search-operator.com, search.tapufind.com, etc.). Developers promote this site as a useful tool that provides real value with faster searches, improved search results, and so on.

In fact, it is promoted using rogue downloaders/installers that modify browser settings. Furthermore, search engines such as search.sprintfair.com gather data relating to users' browsing activity.

What is search.moshlezim.com?

The search.moshlezim.com search engine supposedly provides an enhanced browsing experience (faster searches, more accurate results, and so on). In fact, this is a fake search engine similar to many others such as search.regevpop.com, search-operator.com, search.tapufind.com, etc.

Developers promote it using rogue downloaders/installers that affect browsers by modifying settings. In addition, the search.moshlezim.com search engine also collects browsing-related data.

What is .happy?

.happy is a ransomware-type program used by cyber criminals to blackmail victims. They use these infections to encrypt data and demand specific ransom payments. This malicious program was discovered by Petrovic. Once data is encrypted by .happy ransomware, the program changes file extensions by adding ".happy".

For example, "1.jpg" becomes "1.jpg.happy". A ransom message can be found in the "HIT BY RANSOMWARE.txt" text file. Research shows that this program's encryption is possible to decrypt (see below).

What is search.regevpop.com?

The internet is full of fake search engines such as search.regevpop.com. Other examples include search-operator.com, search.tapufind.com, and search-me.club.

Note that search.regevpop.com is promoted as a useful search engine that offers an enhanced browsing experience (faster searches, more accurate results, quicker access to popular websites, and so on), however, most of these sites (including search.regevpop.com) are promoted using downloaders/installers that modify browser settings.

Furthermore, fake search engines such as search.regevpop.com usually record data relating to users' browsing habits.

What is "Error #31(0x1F)"?

"Error #31(0x1F)" is a fake (error/virus) alert message displayed only on deceptive, untrustworthy websites. According to this fraudulent alert, an unknown system failure has occurred. It also states that the computer is infected with malicious program/s.

These claims are common to websites of this type, however, another problem is that most people arrive at these websites inadvertently, since they are redirected by potentially unwanted applications (PUAs) installed on their systems. These apps are installed on browsers or within operating systems, often unintentionally.

They go on to feed users with advertisements and record various data relating to browsing activities.

What is Adwind?

Adwind is trojan-type malware that has many other names including (but not limiting to) AlienSpy, Frutas, JSocket, Sockrat, Unrecom, jRAT.

Criminals proliferate this malware in various ways such as spam emails and fake Adobe Flash Player updates. We can also assume that Adwind infiltrates systems with various adware-type programs (via the so-called "bundling" method) that feed users with intrusive advertisements and gather sensitive data.

What is .vaca?

Discovered by Petrovic, .vaca is a ransomware-type program that belongs to the Xorist ransomware family and is designed to jeopardize computers and their users.

Cyber criminals use it to encrypt data and demand ransom payments. Once encrypted, all files are renamed by adding the new ".vaca" extension. For example, "1.jpg" becomes "1.jpg.vaca", and so on. The program displays an identical ransom demand message in the "HOW TO DECRYPT FILES.txt" text file and the "Error" pop-up window.

What is Cobalt Strike?

The Cobalt Strike tool is used to detect system penetration vulnerabilities. The tool itself is supposedly used for software testing to find bugs and flaws, however, cyber criminals often take advantage of such tools, and Cobalt Strike is no exception.

Research shows that these people send hundreds of thousands of spam emails that contain malicious Microsoft Word attachments designed to inject Cobalt Strike into systems.