Virus and Spyware Removal Guides, uninstall instructions

What is searchp.icu?

Similar to homesweeklies.com and playsearchnow.com, searchp.icu (which is also known as searchp.club) is a fake search engine that falsely claims to enhance the browsing experience by generating improved results and providing quick access to a number of popular websites (such as Facebook, Twitter, YouTube, and so on).

Judging on appearance alone, searchp.icu may seem legitimate, however, developers promote this site via rogue downloaders/installers that modify browser options without permission. In addition, searchp.icu records data relating to browsing activity.

What is GandCrab 5.0.5?

GandCrab 5.0.5 is a new variant of high-risk ransomware called GandCrab 5.0.4. Version 5.0.5 was released immediately after BitDefender developed a decryption tool for the previous version. After successful infiltration, GandCrab 5.0.5 encrypts most stored data and appends filenames with a random string.

For instance, "sample.jpg" might be renamed to a filename such as "sample.jpg.obkbtxtn". Once encryption is complete, data immediately becomes unusable. As well as encrypting files, GandCrab 5.0.5 changes the desktop wallpaper and creates a text file (named "[aforementioned_random_strong]-DECRYPT.txt"), placing a copy in each existing folder.

What is Docx?

Docx is another high-risk virus discovered by malware security researcher, S!Ri. After infiltrating the system, Docx encrypts most stored data, thereby making it unusable. As well as encryption, Docx renames files by adding the ".docx" appendix (e.g., "sample.jpg" is renamed to "sample.jpg.docx").

Once encryption is complete, Docx generates a text file ("YOU_FILES_HERE.txt") and places a copy in every existing folder. Note that another ransomware virus has a very similar name (..docx), however, they are not related.

What is Flash Chrome Proxy?

Flash Chrome Proxy is a high-risk virus designed to record user account credentials. The virus disguises itself as a legitimate application called Adobe Flash Player. At time of writing, Flash Chrome Proxy targeted the Google Chrome browser only, however, this situation may change.

Cyber criminals proliferate this malware using deceptive websites that falsely claim that Adobe Flash Player is outdated/missing, and encourages users to update/install the app. Note that this malicious extension can also be downloaded from Google Chrome's web store, but this will lead to system infection with the Flash Chrome Proxy virus.

What is "Walmart Email Virus"?

"Walmart Email Virus" is a spam email campaign used by cyber criminals to distribute Hawkeye keylogger. Like most emails of this type, they are sent to many people (hundreds or even thousands) and presented as "official" and legitimate messages. Generally, they encourage people to open malicious attachments that proliferate malware infections.

What is Nymaim?

Nymaim is high-risk trojan designed to infiltrate other viruses into the system. It essentially works as a malware dropper.

Cyber criminals proliferate this virus by disguising it a regular file or app (e.g., a legitimate app, document, etc.) For example, Nymaim is distributed using the "Job Application" spam email campaign and The Roboto Condensed Font Was Not Found Scam" web scam.

What kind of malware is FUNNY?

Discovered by Jakub Kroustek, FUNNY is another ransomware virus belonging to the Dharma malware family. When a computer is infected with this virus, most files are encrypted and renamed with the ".FUNNY" extension (and the victim's ID and an email address) added. For instance, "1.jpg" is renamed to "1.jpg.id-1E857D00.[WildMouse@cock.li].FUNNY" and "2.png" is changed to "2.png.id-1E857D00.[WildMouse@cock.li].FUNNY".

All encrypted files become unusable. FUNNY ransomware displays a ransom demand pop-up window and places the "FILES ENCRYPTED.txt" text file on the desktop.

What is Vanss?

Vanss (a variant of Dharma) is a high-risk virus, categorized as ransomware. This particular virus was discovered by Jakub Kroustek. Like many other viruses of this type, it infects systems and encrypts most stored data. It is not known whether Vanss developers use symmetric or asymmetric cryptography, however, once files are encrypted, they become unusable.

Vanss also adds the ".vanss" appendix to the name of each encrypted file. For example, "sample.jpg", is renamed to "sample.jpg.vanss" after encryption. The same applies to all encrypted files. It also places the "Info.hta" and "FILES ENCRYPTED.txt" files on the desktop.

What is "Embed a malware on the web page Email Scam"?

"Embed a malware on the web page Email Scam" is categorized as spam email campaign. Typically, these campaigns are used to threaten people and trick them into paying to avoid shame or other "consequences", such as computer infections. In this case, cyber criminals claim that they have captured "the process of your onanism" (a video), and have stolen your personal data.

If you want to prevent supposed data loss and the video from being proliferated to all of your contacts, you are encouraged to pay a ransom. This is typical behaviour of cyber criminals and you should not worry.

What is mansubscribe.com?

mansubscribe.com is a rogue website similar to intimepoint.com, notifications-online.systems, confirm-browser.com, and many others. This site is designed to redirect visitors to other dubious websites. In most cases, users arrive at mansubscribe.com inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive ads.

PUAs are notorious for infiltration without users' consent. Furthermore, they are also likely to display intrusive advertisements and record information relating to browsing activity.