Virus and Spyware Removal Guides, uninstall instructions

What is hp.myway.com?

Developed by Mindspark Interactive Network (also known as IAC Applications), HoroscopeBuddy is a deceptive application that supposedly provides daily horoscopes.

Judging on appearance alone, this app may seem legitimate and useful, however, HoroscopeBuddy often infiltrates systems without permission. In addition, it is categorized as a browser hijacker - a form of unwanted software that modifies web browser settings without users’ permission.

What is Powerful Hidden Tear?

Discovered by MalwareHunterTeam, Powerful Hidden Tear is a virus based on an open-source ransomware project called Hidden Tear. This malware is proliferated using the "The Art of Amazon Carding.pdf.exe" file, which means that, prior to infection, victims were trying to learn about carding - a type of fraud relating to banking and online payments.

Once infiltrated, Powerful Hidden Tear encrypts stored data using AES cryptography and adds the ".locked" extension to each filename.

For instance, "sample.jpg" is renamed to "sample.jpg.locked". From this moment on, files become unusable. Immediately after encryption, Powerful Hidden Tear changes the desktop wallpaper and places a "READ_ME.txt" file on the desktop.

What is hp.myway.com?

ConvertersNow is a deceptive application developed by Mindspark Interactive Network (also known as IAC Applications). This program claims to provide functionality allowing conversion of PDF files to various other formats.

This functionality may seem legitimate and useful, however, this potentially unwanted program (PUP) often infiltrates systems without permission. Furthermore, ConvertersNow is categorized as a browser hijacker - a form of unwanted software that modifies Internet browser settings without users’ permission.

What is Relock?

First discovered by malware security researcher, Dmitriy Melikov, Relock is a new variant of a ransomware-type virus called Matrix. Once infiltrated, Relock encrypts stored data (from this point files become unusable) and adds the "_[RELOCK001@TUTA.IO].*" extension to each filename.

For instance, "sample.jpg" is renamed to "sample.jpg_[RELOCK001@TUTA.IO]" or "sample_[RELOCK001@TUTA.IO].jpg". Immediately after encryption, Relock generates a "!OoopsYourFilesLocked!.rtf" file and places it in each existing folder. It also changes the desktop wallpaper.

What is CompariShop?

CompariShop is a rogue application identical to LiveShoppers, ShoppyTool, MyCouponize, and many others. By offering functionality to save time and money (coupons, notifications about special deals/discounts on various online shops, etc.), CompariShop attempts to give the impression of legitimacy.

Be aware, however, that this app is categorized as adware and a potentially unwanted program (PUP). There are three reasons for these negative associations: 1) display of 'malvertising' ads; 2) information tracking, and; 3) stealth installation without users' consent.

What is Awesome Dealers?

According to the developers, Awesome Dealers is a legitimate application that saves time and money when shopping online - it supposedly provides coupons and notifies users of special deals/discounts on various online shops. Initially, Awesome Dealers may seem legitimate and useful, however, this app often infiltrates systems without permission.

Furthermore, developers use it to generate 'malvertising' revenue (Awesome Dealers delivers intrusive ads) and gather user-system information. For these reasons, Awesome Dealers is classed as a potentially unwanted program (PUP) and adware.

What is Wo Sind Meine Dateien?

Wo Sind Meine Dateien (also known as HSDFSDCrypt ransomware) is a ransomware-type virus discovered by malware security researcher, Michael Gillespie. Once infiltrated, Wo Sind Meine Dateien claims to encrypt data using AES-256 cryptography, however, according to Karsten Hahn, rather than encrypting files, the virus completely destroys their contents.

During "encryption", Wo Sind Meine Dateien renames files using the "[14_random_letters_and_digits]" pattern (e.g., "sample.jpg" might be renamed to a filename such as "GkeO9lP2zb3K1"). Note that, unlike other ransomware, Wo Sind Meine Dateien does not append any extension.

From this point, files become unusable and indistinguishable. After successfully "encrypting" files, Wo Sind Meine Dateien places a "Wo_sind_meine_Dateien.html" file on the desktop.

What is Teamo?

Discovered by malware security researcher, Karsten Hahn, Teamo is malware based on an open-source ransomware project called Hidden Tear.

Once infiltrated, Teamo encrypts stored files, which then become unusable. During encryption, this malware adds the ".teamo" extension to each filename (e.g., "sample.jpg" is renamed to "sample.jpg.teamo"). Immediately following encryption, Teamo creates a text file ("Hello Hi Hola como sea jaja.txt"), places it on the desktop, and changes the desktop wallpaper.

What is AppleCare And Warranty?

Displayed by a malicious website, "AppleCare And Warranty" is a fake error message claiming that the system is infected. Research shows that users often visit this website inadvertently - they are redirected by potentially unwanted programs (PUPs) that typically infiltrate systems without permission.

Be aware that these rogue programs are designed to misuse system resources, gather sensitive data, and deliver 'malvertising' ads (pop-ups, coupons, banners, etc.)

What is "Microsoft Has Blocked The Computer"?

Similar to "Microsoft Security Alert", "Suspicious Connection", "Firewall Breach Detected", and many others, "Microsoft Has Blocked The Computer" is a fake error message displayed by a deceptive website.

Research shows that users are often redirected to this website by various potentially unwanted programs (PUPs) that often infiltrate systems without permission. As well as causing redirects, PUPs misuse system resources, gather information, and deliver malicious ads (pop-ups, coupons, banners, etc.)