Virus and Spyware Removal Guides, uninstall instructions

What is RAPID RANSOMWARE V3?

Discovered by MalwareHunterTeam, RAPID RANSOMWARE V3 is an updated variant of the Rapid and Rapid 2.0 viruses. Immediately after infiltration, RAPID RANSOMWARE V3 encrypts most stored files and renames them using the "[random_number].EZYMN" pattern.

For instance, "sample.jpg" might be renamed to a filename such as "78431.EZYMN". Encrypted files becomes unusable and indistinguishable. Following successful encryption, RAPID RANSOMWARE V3 creates a text file ("DECRYPT.EZYMN.txt") and places a copy in every existing folder.

What kind of malware is Sigrun?

Discovered by Michael Gillespie, Sigrun is a ransomware-type virus that stealthily infiltrates the system and encrypts most stored files.

During the process, Sigrun appends filenames with the ".sigrun" extension. For example, "sample.jpg" is renamed to "sample.jpg.sigrun". Once encryption is complete, this virus creates a text file ("RESTORE-SIGRUN.txt") and an HTML file ("RESTORE-SIGRUN.html"), placing copies of both in every existing folder.

What is search.tb.ask.com?

Developers present search.tb.ask.com (also known as int.search.tb.ask.com) as a web search engine that generates improved results and, therefore, enhances, the browsing experience.

In fact, ask.com is legitimate, but developers promote search.tb.ask.com in a deceptive way - they employ browser-hijacking applications (toolbars) designed by Mindspark Interactive Network (also known as IAC Applications).

What is search.searchswift.co?

Similar to searchencrypt.com, search.searchswift.co is a fake web search engine that, according to the developers, enhances the browsing experience by generating improved results.

Judging on appearance alone, this site may seem legitimate and useful, however, developers promote it using various browser-hijacking set-ups/apps. Furthermore, search.searchswift.co gathers data relating to web browsing activity.

What is Everbe?

Everbe is another ransomware-type virus discovered by Jakub Kroustek. It is designed to stealthily infiltrate the system and encrypt most stored files. During the process, Everbe adds the ".[everbe@airmail.cc].everbe" appendix to all filenames (e.g., "sample.jpg" is renamed to "sample.jpg.[everbe@airmail.cc].everbe").

Other variants of this ransomware use: ".[everest@airmail.cc].EVEREST", ".[notopen@cock.li].NOT_OPEN", ".[divine@cock.lu].divine", ".[pain@cock.lu].pain", ".[thunderhelp@airmail.cc].thunder", ".Curator" and ".[eV3rbe@rape.lol].eV3rbe" extensions for encrypted files.

Compromised data immediately becomes unusable. Following successful encryption, Everbe generates a text file called "!=How_recovery_files=!.txt" and places a copy in every existing folder.

What is search.hthebookhub.co?

Developers present The Book Hub as a great tool that provides access to hundreds of e-books. This functionality may seem legitimate and useful, however, The Book Hub is categorized as a potentially unwanted program (PUP) and a browser hijacker.

There are three main reasons for these negative associations: 1) stealth installation without users' consent; 2) modification of web browser options, and; 3) information tracking.

What is Horsuke?

Recently discovered by malware security researcher, S!Ri, Horsuke is a ransomware-type virus designed to infiltrate the system and encrypt most stored files. During encryption, Horsuke appends filenames with the ".horsuke@nuke.africa" extension (e.g., "sample.jpg" is renamed to "sample.jpg.horsuke@nuke.africa").

Compromised data immediately becomes unusable. Once encryption is complete, Horsuke generates a text file ("HOW TO RECOVER ENCRYPTED FILES.TXT"), placing a copy in every existing folder, and changes the desktop wallpaper.

What is search.hnotepadpro.co?

Notepad Pro is a rogue app that claims to be an advanced version of the Windows Notepad application. Judging on appearance alone, Notepad Pro may seem legitimate, however, this app is categorized as a potentially unwanted program (PUP) and a browser hijacker.

The main reasons for these negative associations are installation without users' consent, promotion of a fake search engine, and tracking of web browsing activity.

What is CoinCube Miner?

CoinCube Miner is a cryptomining script that can be integrated into any website. It employs visitors' computer resources to mine cryptocurrencies.

There are a number of similar scripts, and although some are legitimate, cyber criminals design malicious sites and inject them with these cryptomining scripts. They promote malicious sites using various potentially unwanted (typically, adware-type) programs (PUPs). In this guide, we detail an adware bundle called FileTour.

What is search.hwallstreetwatch.co?

Developers present Wall Street Watch as a legitimate application that supposedly enables access to financial news and a 'financial calculator'. Initially, this app may seem legitimate and useful, however, Wall Street Watch is categorized as a potentially unwanted program (PUP) and a browser hijacker.

There are three main reasons for these negative associations: 1) installation without permission; 2) modification of web browser options, and; 3) tracking of sensitive data.