Virus and Spyware Removal Guides, uninstall instructions

What is HELLO?

HELLO is a ransomware-type virus discovered by malware security researcher, xXToffeeXx. It is a variant of a ransomware virus called Xorist. Following successful infiltration, this malware encrypts stored data and appends filenames with the ".HELLO" extension (for example, "sample.jpg" is renamed to "sample.jpg.HELLO").

Following successful encryption, HELLO changes the desktop wallpaper, creates a text file ("HOW TO DECRYPT FILES.txt", placed in each folder containing encrypted files), and displays an error message.

What is newtab.quiklogin.co?

QuikLogin is a deceptive application that supposedly enhances the Internet browsing experience by providing quick access to user-accounts on various websites.

Initially, QuikLogin may seem legitimate and useful, however, this app is categorized as a browser hijacker and a potentially unwanted program (PUP). There are three main reasons for these negative associations: 1) stealth installation without consent; 2) unwanted redirects, and; 3) tracking of users' browsing activity.

What is search.safefinder.com?

The search.safefinder.com browser hijacker infiltrates Internet browsers (Internet Explorer, Google Chrome, and Mozilla Firefox) via free software downloads. Browser redirects to this website are caused by a potentially unwanted application called 'SafeFinder' created by Linkury Inc.

Internet users often install SafeFinder adware inadvertently without their consent when downloading and installing freeware. At time of research, this browser plug-in was distributed using deceptive freeware 'download clients' and fake downloads. For example, fake Java updates or fake Internet browser updates.

After successful infiltration, the SafeFinder potentially unwanted application modifies users' Internet browser settings by assigning the homepage and default search engine fields to search.safefinder.com

What is seethisoffer.info?

Identical to go2jump.org, buzzadexchange.com, searchkska.com, and many others, seethisoffer.info is a deceptive website designed to cause redirects to other suspicious sites.

Users are redirected to seethisoffer.information by various potentially unwanted programs (PUPs) that infiltrate systems without consent (the "bundling" method). As well as causing redirects, PUPs deliver intrusive advertisements and continually record user-system information.

What is spacequery.com?

spacequery.com is a fake Internet search engine that supposedly generates improved search results and, therefore, enhances the browsing experience. On initial inspection, spacequery.com may seem similar to legitimate search engines such as Google, Yahoo, Bing, and so on.

Therefore, many users believe that this site is also legitimate, however, it records various data relating to browsing activity. In addition, developers promote spacequery.com via deceptive download/installation set-ups that hijack browsers and stealthily modify various options without permission.

What is go2jump.org?

Identical to tradedoubler.com, pipeschannels.com, becanium.com, and many others, go2jump.org is a deceptive site that redirects to a number of other suspicious websites.

Research shows that users often visit go2jump.org inadvertently - they are redirected by various potentially unwanted programs (PUPs) that infiltrate systems during installation of regular software. As well as causing redirects, PUPs deliver intrusive advertisements and continually record user-system information.

What is Right-Click Search?

Right-Click Search is a rogue application that supposedly allows searching of highlighted text within Google and Wikipedia.

On initial inspection, Right-Click Search may seem legitimate and useful, however, it is categorized as a potentially unwanted program (PUP) and adware. There are three main reasons for these negative associations: 1) stealth installation without consent; 2) display of intrusive online advertisements, and; 3) tracking of users' Internet browsing activity.

What is search.pabapara.com?

Developers present search.pabapara.com as a "top-notch" Internet search engine that generates improved results and, therefore, enhances the browsing experience. Judging on appearance alone, search.pabapara.com barely differs from legitimate search engines such as Google, Bing, and Yahoo.

Therefore, many users believe that search.pabapara.com is also legitimate. In fact, this site records various user-system information relating to browsing activity. Furthermore, developers promote it via rogue downloaders/installers that modify browser settings without permission.

What is Locky?

Locky is ransomware distributed via malicious .doc files attached to spam email messages. Each word document contains scrambled text, which appear to be macros. When users enable macro settings in the Word program, an executable file (the ransomware) is downloaded.

Various files are then encrypted. Note that Locky changes all file names to a unique 16-letter and digit combination with .diablo6, .aesir, .shit, .thor, .locky, .zepto or .odin file extension.

Thus, it becomes virtually impossible to identify the original files. All are encrypted using the RSA-2048 and AES-1024 algorithms and, therefore, a private key (stored on remote servers controlled by cyber criminals) is required for decryption. To decrypt the files, victims must pay a ransom.

What is Diamond Computer Encryption?

Diamond Computer Encryption is malware based on an open-source ransomware project called Hidden Tear. Diamond Computer Encryption was first discovered by malware security researcher, xXToffeeXx. Once infiltrated, this software encrypts various data using AES cryptography.

During encryption, Diamond Computer Encryption appends filenames with an extension comprising six random letters/digits. For example, "sample.jpg" might be renamed to "sample.jpg.gh81l0". After successful file encryption, Diamond Computer Encryption creates the "_READ_IT_FOR_RECOVER_FILES.html" file, placing it in each folder containing encrypted files.