Virus and Spyware Removal Guides, uninstall instructions

What is BTCWare PayDay?

Malware security researcher, Michael Gillespie, recently discovered a new variant of BTCWare ransomware - BTCWare PayDay. Once infiltrated, BTCWare PayDay encrypts stored files and appends filenames with the ".[developer's_email]-id-***.payday" extension.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.[Checkzip@india.com]-id-168.payday". Other variants of this ransomware use ".[payday@rape.lol]-id-***.payday" and ".[kekin@cock.li]-id-***.payday" extensions for encrypted files.

You can see the full list of email addresses below. After successfully encrypting files, BTCWare PayDay opens a new browser window displaying a ransom-demand message and drops a text file ("!! RETURN FILES !!.txt").

What kind of malware is ANONCRACK?

ANONCRACK is malware based on an open-source ransomware project called Hidden Tear. This virus was first discovered by malware security researcher, Michael Gillespie. Once infiltrated, ANONCRACK encrypts stored data and appends filenames with the ".crack" extension (for example, "sample.jpg" is renamed to "sample.jpg.crack").

Ransomware-type viruses based on Hidden Tear use the AES encryption algorithm. Following successful encryption, ANONCRACK creates a text file ("PAGO.txt"), placing it on the desktop, and changes the desktop wallpaper.

What is snitou.com?

According to the developers, snitou.com is a "high-quality" Internet search engine that significantly enhances the browsing experience by generating improved results. Judging on the appearance, snitou.com barely differs from Google, Bing, Yahoo, and other similar legitimate search engines.

Therefore, many users believe that snitou.com is also legitimate and useful. In fact, cyber criminals promote this site using rogue browser-hijacking download/installation set-ups that modify browser options without consent. Furthermore, snitou.com records various user-system information.

What is Asasin?

Asasin is a new variant of a high-risk ransomware-type virus called Locky. Cyber criminals spread this ransomware using spam emails (malicious attachments). At the time of research, the malicious attachment was a .vbs file, which, once executed, starts the infection chain by downloading and running Asasin malware on the victim's computer.

Following successful infiltration, Asasin encrypts stored data using RSA-2048 and AES-128 encryption algorithms. During encryption, Asasin renames encrypted files using a 36-letter and digit combination with a ".asasin" extension (previous variants of Locky used ".aesir", ".ykcol", ".diablo6", and a number of other extensions).

Once the files are encrypted, Asasin creates three additional files ("asasin.bmp" [also set as the desktop background], "asasin-5eac.htm", and "asasin.htm"), placing them on the desktop.

What is eanswers.com?

eanswers.com is a fake Internet search engine promoted by various browser-hijacking applications. These potentially unwanted programs (PUPs) usually infiltrate systems without consent.

Following infiltration, browser hijackers modify various settings without permission. In addition, PUPs and eanswers.com continually record user-system information relating to Internet browsing activity.

What is deloton.com?

deloton.com is a rogue website designed to redirect to various other suspicious sites. It is identical to thepopularlinks.com, contentplaces.com, restheet.com, and many others.

Research shows that users are redirected to deloton.com by various potentially unwanted programs (PUPs) without their consent (behavior common to PUPs). As well as causing redirects, PUPs generate 'malvertising' ads, misuse system resources, and record various user-system information.

What is search.mogobiggy.com?

search.mogobiggy.com is presented as a "top-notch" Internet search engine that significantly enhances the web browsing experience by generating improved results. Judging on appearance alone, search.mogobiggy.com barely differs from Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that search.mogobiggy.com is also legitimate. In fact, developers promote this site using rogue download/installation set-ups (browser hijackers) that modify browser settings without permission. In addition, search.mogobiggy.com continually records various information that might contain personal details.

What is trackingclick.com?

trackingclick.com is a rogue website identical to rosetheet.com, thepopularlinks.com, contentplaces.com, and many others. This website redirects to a number of other suspicious sites. Users often visit trackingclick.com inadvertently - they are redirected by potentially unwanted programs (PUPs) that infiltrate systems without consent.

Research also shows that most PUPs deliver intrusive online advertisements, record user-system information, and stealthily run various background processes.

What is search.stormygreatz.com?

According to the developers, search.stormygreatz.com is a "high-quality" Internet search engine that significantly enhances the web browsing experience by generating improved results. On initial inspection, search.stormygreatz.com may seem similar to Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that search.stormygreatz.com is also legitimate. In fact, this website is promoted using browser-hijacking download/installation set-ups that modify browser options without consent. Furthermore, search.stormygreatz.com records various user-system data.

What is search.pollicare.com?

Developers present search.pollicare.com as a "high-quality" Internet search engine designed to generate improved search results and, therefore, enhance the browsing experience. Judging on appearance alone, search.pollicare.com barely differs from legitimate search engines such as Google, Bing, Yahoo, and so on.

Therefore, many users believe that search.pollicare.com is also legitimate and useful. In fact, developers promote this site using deceptive download/installation set-ups (browser hijackers) that hijack browser options without permission. Furthermore, search.pollicare.com stealthily records user-system information.