Virus and Spyware Removal Guides, uninstall instructions

What is mapseasy.net?

MapsEasy is presented as a legitimate application that supposedly provides access to a number of maps. Judging on appearance alone, MapsEasy may seem legitimate and useful, however, this application often infiltrates systems without consent.

Furthermore, it stealthily modifies web browser settings and continually records various information relating to users' Internet browsing activity. For these reasons, MapsEasy is categorized as a potentially unwanted program (PUP) and a browser hijacker.

What is search.searchmecenter.com?

search.searchmecenter.com is a fake search engine identical to search.search-bee.com and offers improved search results, thereby giving the impression of legitimacy, however, it is promoted using a potentially unwanted browser-hijacking program (PUP) called SearchMeCenter that modifies browser options without users’ permission.

In addition, search.searchmecenter.com and SearchMeCenter continually record information relating to web browsing activity.

What is search.search-bee.com?

search.search-bee.com is fake search engine that supposedly generates improved results. Its appearance barely differs from Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that search.search-bee.com is also legitimate and useful. In fact, this site is promoted using a deceptive browser-hijacking app called Search-Bee. In addition, search.search-bee.com and Search-Bee continually monitor browsing activity by gathering various data.

What kind of malware is Jigsaw ransomware?

Jigsaw is ransomware that uses the AES algorithm to encrypt various files stored on computers. Targeted files include .jpg, .docx, .mp3, .mp4, and many others.

Depending on the ransomware version, one of the following file extensions is added: ".NDGHacks", ".epic", ".HYDRA", ".paycoin", ".pennywise", ".data", .locked_by_mR_Anonymous(TZ_HACKERS), .spaß, .F*ckedByGhost, .#__EnCrYpTED_BY_dzikusssT3AM_ransomware!__#, .lockedgood, .pleaseCallQQ, .hacked.by.Snaiparul, .dat, .tedcrypt, .invaded, .black007, .F*ckED, .##___POLICJA!!!___TEN_PLIK_ZOSTA, .coder007@protonmail.com, .choda, .booknish, .hac, .LolSec, .email-[powerhacker03@hotmail.com].koreaGame, .jes, .Bitconnect, .contact-me-here-for-the-key-admin@adsoleware.com, .paymrss, .justice, .LOCKED_BY_pablukl0cker, .CryptWalker, .F*CKMEDADDY, .##ENCRYPTED_BY_pablukl0cker##, .####CONTACT_US_pablukl0cker638yzhgr@2tor.com####, .game, .#, .pablukCRYPT, .pabluk300CrYpT!, .pabluklocker, .afc, .korea, .kill, .rat, .Crypto, .paymts, .sux, .ghost, .R3K7M9, .tax, .lost, .beep, .ice, .die, .PAY, .Contact_TarineOZA@Gmail.com, .getrekt, .lckd, .crypte, .I'WANT MONEY, .nemo-hacks.at.sigaint.org, .jey, .gefickt, .uk-dealer@sigaint.org, .paytounlock, .hush, .locked, .payrmts, .afd, .paybtcs, .fun, .kkk, .gws, or .btc.

After encryption, this ransomware displays a window with a message listing the encrypted files and stating that victims can only restore them by paying a ransom. In addition, every sixty minutes, .Fun deletes a certain number of files, thus, putting victims under pressure to pay, since delays result in permanent deletion of more files.

What kind of malware is Paradise?

Paradise is a ransomware-type virus promoted as RAAS (Ransomware As A Service). Developers allow affiliates to perform minor changes (for example, change the contact email address and size of ransom) and, in doing so, avoid the task of malware distribution - they use affiliates to proliferate the software.

Developers generate revenue by taking a percentage of ransom payments. Following infiltration, Paradise encrypts stored data using RSA-1024 cryptography and appends names of encrypted files with the "id-[affiliate_id].[affiliate_email].paradise" extension. For example, "sample.jpg" might be renamed to a filename such as "sample.jpgid-3VwVCmhU.[info@decrypt.ws].paradise".

Following successful encryption, Paradise creates three text files ("PARADISE_README_paradise@all-ransomware.info.txt", "Files.txt", "Failed.txt", and "#DECRYPT MY FILES#.txt") placing them on the desktop.

Updated variants of this ransomware use: .[blackblackra@tuta.io].b1, .sambo, __{babyfromparadise666@gmail.com}.p3rf0rm4, .[yourencrypter@protonmail.ch].b29, _V.0.0.0.1{paradise@all-ransomware.info}.prt, id-[affiliate_id].[affiliate_email].sell, id-[affiliate_id].[affiliate_email].ransom, id-[affiliate_id].[affiliate_email].logger , {help@badfail.info}.paradise, .CORP, and .VACv2 extensions for encrypted files.

What is JobCrypter?

JobCrypter is ransomware designed to encrypt various files stored on the system. It targets PC users from France, adding a .locked or .css extension to each encrypted file (therefore, it is easy to recognize which files are compromised). A .txt file is then created containing all information about the encryption. It is stated that users must pay a ransom, otherwise the files will remain encrypted forever.

What is Mac Auto Fixer?

Mac Auto Fixer is a potentially unwanted application similar to Advanced Mac Cleaner, Mac Tonic, and Mac Mechanic. Developers of this application use a deceptive marketing method called 'bundling' to proliferate this software. Mac Auto Fixer installs commonly installs on users' computers without their consent.

When browsing the internet, they are presented with a pop-up ad stating that they need to update Flash player, or that their Mac is infected with 3 viruses. These pop-ups are designed to trick users into downloading and installing the Mac Auto Fixer potentially unwanted application.

What is kaymopk.com?

kaymopk.com is one of many rogue websites available, and is virtually identical to others of this type (such as fixnnetwork.com, karonty.com, and ifortunne.com) that cause unwanted redirects to various untrustworthy websites. As a rule, most users do not visit kaymopk.com willingly - they are redirected to it by potentially unwanted programs (PUPs).

These are mostly installed without users' knowledge and are designed to cause redirects, deploy intrusive ads, record information, and misuse system resources.

What is CAUTHRON?

CAUTHRON is a rogue application designed to deliver intrusive advertisements and (potentially) record sensitive information. CAUTHRON typically infiltrates systems without users’ permission. For these reasons, this app is categorized as adware and a potentially unwanted program (PUP).

What is go.leadgid.ru?

go.leadgid.ru is a rogue website (identical to click-now-on.me, kaseine.info, karonty.com, and many others) that causes redirects to various other untrustworthy/dubious sites.

Many users visit go.leadgid.ru inadvertently - associated potentially unwanted programs (PUPs) redirect them to the site. Installed PUPs deliver intrusive/unwanted advertisements, gather data, and misuse system resources.