Virus and Spyware Removal Guides, uninstall instructions

What is "ElmersGlue"?

ElmersGlue is a ransomware-type virus that stealthily infiltrates systems and encrypts files. In doing so, ElmersGlue appends the ".elmerlocked" extension to the name of each encrypted file. For example, "sample.jpg" is renamed to "sample.jpg.elmerlocked".

Following successful encryption, ElmersGlue locks the computer screen and displays a ransom-demand message.

What is searchtnup.com?

Developers present searchtnup.com as an improved Internet search engine that significantly enhances the browsing experience by generating improved results. Judging on appearance alone, searchtnup.com may seem similar to Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that searchtnup.com is also legitimate. In fact, this site is promoted via rogue download/installation set-ups designed to hijack web browser settings and modify various options. Furthermore, searchtnup.com continually records various information relating to users' Internet browsing activity.

What is Tigers Deals?

Tigers Deals is a rogue application that falsely claims to save time and money by providing various coupons and notifications of special deals/discounts on various online shops. Judging on appearance alone, Tigers Deals may seem legitimate and useful, however, this app infiltrates systems without consent.

In addition, it continually displays intrusive online advertisements and records user-system information. For these reasons, Tigers Deals is categorized as a potentially unwanted program (PUP) and adware.

What is Suspicious Ransomware Activity?

"Suspicious Ransomware Activity" is a fake pop-up error displayed by a malicious website. Users often visit this website inadvertently - they are redirected by various potentially unwanted programs (PUPs). These rogue programs infiltrate systems without consent (the "bundling" method).

In addition, they deliver intrusive online advertisements and continually gather various user-system information.

What is startsearch.co?

startsearch.co is presented as a 'high-experience' Internet search engine that supposedly generates improved results and, therefore, enhances the browsing experience. Judging on appearance alone, startsearch.co barely differs from legitimate search engines such as Google, Bing or Yahoo.

Therefore, many users believe that startsearch.co is also legitimate and useful. In fact, it records user-system information relating to browsing activity. In addition, developers promote this site by employing rogue download/installation set-ups that modify browser settings without permission.

What is search.superspeedtester.com?

Super Speed Tester is a rogue application that supposedly allows users to test and improve Internet performance. On initial inspection, Super Speed Tester may appear legitimate and useful, however, this app is categorized as a potentially unwanted program (PUP) and a browser hijacker.

There are three main reasons for these negative associations: 1) stealth installation without consent; 2) modification of web browser settings, and; 3) tracking of users' Internet browsing activity.

What is EncrypTile?

EncrypTile is ransomware-type malware that encrypts files using AES and RSA cryptography. This virus appends the "EncrypTile" string to the name of each encrypted file. For example, "sample.jpg" becomes "sample.jpgEncrypTile".

Following successful encryption, EncrypTile creates four files ("Decrypt_[victim's_id].txt", "Decrypt_[victim's_id].html", "Decrypt_[victim's_id].bmp", and "How to buy bitcoin_[victim's_id].txt"), places them on the desktop, and changes the desktop wallpaper. EncrypTile then opens a pop-up window that locks the computer screen.

What is Enjey Crypter?

Enjey Crypter is a ransomware-type virus discovered by MalwareHunterTeam. This malware is related to the Fs0ci3ty and RemindMe viruses. Once infiltrated, Enjey Crypter encrypts files and appends the ".encrypted.contact_here_me@india.com.enjey" extension to the name of each encrypted file.

For instance, "sample.jpg" is renamed to "sample.jpg.encrypted.contact_here_me@india.com.enjey". Following successful encryption, Enjey Crypter creates a text file ("README_DECRYPT.txt"), placing it on the desktop.

Updated variants of this ransomware append .encrypted.decrypter_here@freemail.hu.enjey to encrypted files and use HOW_YOU_CAN_DECRYPT_YOUR_FILES.TxT file for ransom demanding message.

What is exactsearch.org?

exactsearch.org is presented as an Internet search engine that generates improved results and, therefore, enhances the browsing experience.

On initial inspection, exactsearch.org may appear legitimate and useful, however, this site gathers various information relating to users' browsing activity. In addition, developers promote it via rogue download/installation set-ups that modify browser settings without consent.

What kind of malware is MOLE?

MOLE is a ransomware-type virus discovered by malware security researcher, Brad Duncan. This virus is distributed via spam emails - fake USPS delivery notices (for example, "Please recheck your delivery address", "We have delivery problems with your parcel", "Our USPS courier can not contact you parcel", etc.).

The email message contains a link to a leading to a fake "Word Online" website containing an error message stating that a document cannot be opened and, therefore, victims must download a plug-in (which is actually malware).

Following successful infiltration, MOLE encrypts files and renames them using the "[32_random_characters].MOLE" pattern (for example, "1.jpg" is renamed to "0E95FDBA0D15AAC484CF87B30D2F7630.MOLE"). Note that newer variants of this ransomware use .MOLE02 and .MOLE03 extensions for encrypted files.