Virus and Spyware Removal Guides, uninstall instructions

What is ShoppyTool?

ShoppyTool is a dubious app identical to SmartShoppy, ShopTool, WebShoppers, and several other programs. All claim to save time and money while shopping online. Promises to provide coupons and notifications of special deals/discounts available on a variety of online stores often trick users into believing that ShoppyTool is a legitimate program.

In fact, this program is classed as adware and a potentially unwanted program (PUP).

One of the main reason for these negative associations is stealth installation - ShoppyTool is distributed using a deceptive marketing method called "bundling" and, thus, it often infiltrates systems without users' consent. Furthermore, ShoppyTool gathers various user/system information and delivers a variety of intrusive advertisements.

What is Hacked?

Hacked is a ransomware-type virus discovered by malware security researcher, Lawrence Abrams. Once infiltrated, Hacked imitates the Windows Update process, however, it actually encrypts stored data using RSA-4096 cryptography.

During encryption, this malware appends the ".hacked" extension to the name of each encrypted file (for instance, "sample.jpg" is renamed to "sample.jpg.hacked").

Following successful encryption, Hacked opens a pop-up window and creates five text files ("@readme_English.txt", "How_to_decrypt_files.txt" [same content as in "@readme_English.txt"], "@Leggimi_decrypt_Italian.txt", "@Readme_Spanish.txt", and "@Readme_turkish.txt") and an image file ("hacked.jpg").

What is search.search-settings.com?

Developers present search.search-settings.com as a "top-notch" Internet search engine that supposedly enhances the browsing experience by generating improved results. On initial inspection, this site may seem similar to Google, Yahoo, Bing, and other legitimate search engines. Therefore, many users believe that search.search-settings.com is also legitimate and useful.

This site is promoted using a deceptive application called Search Settings, which claims to allow users to switch between search engines. In fact, Search Settings is designed to stealthily infiltrate systems, modify web browser options, and record various user-system information. Therefore, it is categorized as a potentially unwanted program (PUP) and a browser hijacker.

What is WalletBee?

Created by DealPly Technologies Ltd, WalletBee is a rogue application that claims to save time and money by enabling coupons, comparison shopping, and displaying special discounts/deals available on shopping websites.

On initial inspection, this may appear to be a useful and legitimate browser add-on, however, be aware that WalletBee is categorized as a potentially unwanted program (PUP) or adware.

The developers of this rogue extension employ a deceptive software marketing method called 'bundling' (stealth installation of additional applications together with the chosen software) to install WalletBee on computers, and therefore, most users inadvertently install this PUP without their knowledge or consent.

Following successful infiltration, Walletbee generates numerous intrusive online advertisements including, for example, banner and text-link ads. It is highly probable that clicking these advertisements will lead to high-risk adware or malware infections.

What is NoterSave?

NoterSave is a rogue application that supposedly allows users to create and organize various notes. Initially, this functionality may seem legitimate and useful, however, this app is categorized as a potentially unwanted program (PUP) and adware.

The main reasons for these negative associations are: 1) stealth installation without consent; 2) tracking of users' Internet browsing activity, and; 3) display of intrusive online advertisements.

What kind of malware is GRYPHON?

GRYPHON is a ransomware-type virus discovered by malware security researcher, Leo. It's a variant of BTCWare ransomware. Once infiltrated, GRYPHON encrypts stored data and appends filenames with the ".[test].gryphon" extension (for example, "sample.jpg" is renamed to "sample.jpg.[test].gryphon").

Live variants of this ransomware use .[decr@cock.li].gryphon and .[bravobravo@cock.li].gryphon extensions for encrypted files.

Following successful encryption, GRYPHON creates a text file ("!## DECRYPT FILES ##!.txt") containing a ransom-demand message and places it in each folder containing encrypted files. Updated variants of this ransomware use .crypton extension for encrypted files. For example “.[gladius_rectus@aol.com   ].crypton” and “.[macgregor@aolonline.top ].crypton”.

What is SynAck?

SynAck is a ransomware-type virus discovered by malware security researcher, Michael Gillespie. Following successful infiltration, SynAck encrypts stored data using ECIES and AES-256 cryptographies.

During encryption, the virus appends filenames with an extension comprising 10 random letters (for example, "sample.jpg" might be renamed to a filename such as "sample.jpg.GkqIbOLjmE"). Once files are encrypted, SynAck creates a text file ("RESTORE_INFO-[victim's id].txt"), placing it on the desktop.

What is search.selected-search.co?

search.selected-search.co is a fake Internet search engine that supposedly enhances the browsing experience by generating improved results. Judging on appearance alone, search.selected-search.co may seem similar to Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that this site is also legitimate. In fact, developers promote it via a deceptive application called Selected Search. This app stealthily infiltrate systems, modifies web browser options, and tracks users' browsing activity. For these reasons, Selected Search is classed as a potentially unwanted program (PUP) and a browser hijacker.

What is Firewall detecting ‘suspicious’ incoming network connections?

"Firewall detecting ‘suspicious’ incoming network connections" is a fake error message displayed by a rogue website. Users often visit this site inadvertently - they are redirected by various potentially unwanted adware-type programs (PUPs).

Note that cyber criminals also promote this scam using Typosquatting - whenever users misspell a URL (for example, "facebook[.]cm" rather than "facebook[.]com") they are redirected to the rogue site. Note also that PUPs deliver various intrusive online advertisements and gather information relating to users' Internet browsing activity.

What is hp.myway.com?

Developed by Mindspark Interactive Network, FileConvertOnline is a deceptive application that supposedly allows conversion of various file formats. Initially, FileConvertOnline may seem legitimate and useful, however, this app is categorized as a browser hijacker and a potentially unwanted program (PUP).

There are three main reasons for these negative associations: 1) stealth installation without consent; 2) modification of web browser options, and; 3) potential tracking of Internet browsing activity.