Virus and Spyware Removal Guides, uninstall instructions

What is search.hwatchsportslive.co?

Watch Sports Live is a deceptive application that supposedly allows users to watch various sports events live via the Internet. Judging on appearance alone, Watch Sports Live may seem legitimate and useful, however, this app is categorized as a browser hijacker and a potentially unwanted program (PUP).

The main reasons for these negative associations are promotion of a fake search engine (search.hwatchsportslive.co), information tracking, and installation without users' consent.

What is "StalinLocker"?

Discovered by MalwareHunterTeam, StalinLocker is newly-discovered malware that stealthily infiltrates the system and locks the computer screen. StalinLocker then displays a full-screen window whilst simultaneously playing the USSR national anthem. In addition, this malware terminates most processes (including "Explorer.exe" and "taskmgr.exe").

What is search.hmyquickconverter.com?

According to the developers, My Quick Converter allows conversion of various file formats to PDF and DOC. On initial inspection, this app may seem legitimate, however, My Quick Converter often infiltrates systems without permission.

Furthermore, it stealthily modifies web browser options and records various user-system information. For these reasons, My Quick Converter is categorized as a potentially unwanted program (PUP) and a browser hijacker.

What is search.pitchofcase.com?

Identical to search.papershorty.com, search.salamangal.com, search.froktiser.com, and many others, search.pitchofcase.com is a fake Internet search engine that supposedly enhances the browsing experience by generating improved results. Judging on appearance alone, search.pitchofcase.com barely differs from legitimate search engines such as Google, Yahoo, Bing, etc.

Many users believe that search.pitchofcase.com is also legitimate, however, developers promote this site using rogue download/installation set-ups that modify browser settings without permission. In addition, search.pitchofcase.com records information relating to web browsing habits.

What is RDN_Trojan.worm!055BCCAC9FEC Infection?

Similar to RDN/Trojan/Hacking, RDN/YahLover.worm Infection, and many others, "RDN_Trojan.worm!055BCCAC9FEC" Infection is a fake error message displayed by various deceptive websites. Research shows that most visitors arrive at these sites inadvertently - they are redirected by potentially unwanted programs (PUPs) or intrusive ads delivered by other rogue sites.

In most cases, potentially unwanted programs infiltrate systems without permission and, as well as causing redirects, deliver intrusive advertisements, gather various information, and (sometimes) misuse system resources to run unwanted background processes.

What is CryptON?

CryptON (also known as Cry9, Cry36, Cry128, Nemesis, X3M) CryptoLocker is a ransomware-type virus discovered by Jakub Kroustek. Once infiltrated, CryptON CryptoLocker encrypts files using RSA-2048 and AES-256 encryption algorithms.

During encryption, this virus renames encrypted files using the "[original_file_name].id-[victim’s ID]_steaveiwalker@india.com_" pattern. For instance, "sample.jpg" might be renamed to "sample.jpg.id-3057868259_steaveiwalker@india.com_".

Following successful encryption, CryptON CryptoLocker changes the desktop wallpaper and creates a text file ("COMO_ABRIR_ARQUIVOS.txt"), placing it in each existing folder containing encrypted files. Note that CryptON CryptoLocker is not related to previously-discovered Crypton ransomware.

What is Sepsis?

Sepsis is a ransomware-type virus discovered by MalwareHunterTeam. This malicious program is designed to encrypt data and demand payment for the decryption.

Immediately after infiltration, Sepsis encrypts most stored data and adds the ".[Sepsis@protonmail.com].SEPSIS" appendix to the name of each compromised file. For instance, "sample.jpg" is renamed to "sample.jpg.[Sepsis@protonmail.com].SEPSIS". Encrypted data immediately becomes unusable. Following successful encryption, Sepsis opens a pop-up window that contains a ransom-demand message.

Sepsis is a decryptable ransomware. Michael Gillespie has released a free decrypter for it (more information below).

What is search.hwatchnewsnow.com?

Developers state that the Watch News Now application allows users to watch various news channels directly from the browser. This functionality may seem legitimate and useful, however, Watch News Now is categorized as a potentially unwanted program (PUP) and a browser hijacker.

There are three main reasons for these negative associations: 1) stealth installation without consent; 2) promotion of a fake web search engine [search.hwatchnewsnow.com], and; 3) tracking of users' Internet browsing activity.

What is Bankworm Virus?

"Bankworm Virus" is a fake error message displayed by various deceptive sites. Research shows that many visitors arrive at these sites inadvertently - they are redirected by potentially unwanted programs (PUPs) or intrusive ads delivered by other malicious sites.

In most cases, PUPs infiltrate the system without permission and, in addition to redirecting, deliver intrusive ads, record user-system information and, sometimes, even run unwanted background processes.

What is Facebook?

First discovered by malware security researcher, Leo, Facebook (ransomware) is file-encryption malware that behaves similarly to ransomware-type viruses.

Immediately after infiltration, Facebook encrypts most stored data and appends filenames with the ".facebook.facebook" extension (i.e., "sample.jpg" is renamed to "sample.jpg.facebook.facebook"). Compromised data immediately becomes unusable. After successful encryption, Facebook opens a pop-up window.