Virus and Spyware Removal Guides, uninstall instructions

What is searches.safehomepage.com?

Searches.safehomepage.com is a popular website that can be used as a homepage and default search engine. The developers employ a deceptive software marketing method called 'bundling' to install this browser hijacker on Internet browsers (Internet Explorer, Google Chrome, and Mozilla Firefox) without users' permission.

Once installed, this app modifies the new tab URL, homepage, and default search engine browser settings by assigning them to searches.safehomepage.com. Furthermore, several small applications called 'helper objects' are installed with this app to prevent users from reverting these changes.

Bundling is stealth installation of third-party software together with regular software, and for this reason, users commonly install this browser hijacker inadvertently during download of free software from freeware download websites.

What is Interstitial Information advertisement?

"Interstitial Information?" is a type of intrusive online advertisement that conceals visited website content. The ads are delivered by potentially unwanted adware-type programs.

By giving fake promises to enhance Internet browsing activity, adware-type applications such as InterYield are designed to give the impression of legitimate software, thereby tricking users to install. After infiltrating the system, however, these applications simply generate intrusive online ads and track users' Internet browsing activity.

What is Stampado?

A ransomware service called Stampado is new malware available on the dark market. This virus is advertised and sold on the 'dark web' - anyone can purchase a lifetime license and proliferate the virus without little effort.

After infiltrating computers, Stampado encrypts various files and appends the name of each encrypted file with the .locked extension. Stampado then opens a ransom-demand window.

What is search.tagadin.com?

search.tagadin.com is presented as an Internet search engine that significantly enhances the Internet browsing experience by generating improved results.

Judging on appearance alone, search.tagadin.com may appear legitimate and useful, however, developers promote this website via rogue download/installation set-ups designed to modify browser settings without permission. Furthermore, this website continually records various information relating to users' Internet browsing activity.

What is May?

May is a ransomware-type virus discovered by MalwareHunterTeam. Once infiltrated, May encrypts various data using AES-256 and RSA-4096 encryption algorithms and appends filenames with the ".locked" extension (for example, "sample.jpg" is renamed to "sample.jpg.locked").

May then creates a text file ("Restore_your_files.txt") containing a ransom-demand message and places it in each folder containing encrypted files.

What is weather-genie.com?

According to the developers, weather-genie.com is a 'high-experience' Internet search engine that significantly enhances the browsing experience by generating improved results. Judging on appearance alone, weather-genie.com may appear legitimate and useful, however, this website is promoted via a rogue application called WeatherGenie.

By falsely claiming to provide local weather forecasts, WeatherGenie attempts to give the impression of legitimacy.

In fact, it is categorized as a potentially unwanted program (PUP) and a browser hijacker. There are three main reasons for these negative associations: 1) stealth installation without consent; 2) modification of web browser settings, and; 3) tracking of users' Internet browsing activity.

What kind of malware is ONYONLOCK?

ONYONLOCK is a new variant of a ransomware-type virus called BTCWare. This virus was discovered by security researcher, MalwareHunterTeam. Following successful infiltration, ONYONLOCK encrypts various data stored on victims' computers.

Furthermore, it appends the ".onyon" extension to the name of each encrypted file (for example, "sample.jpg" is renamed to "sample.jpg.onyon"). Once files are encrypted, ONYONLOCK creates a text file ("!#_DECRYPT_#!.inf"), placing it in each folder containing encrypted files.

What is CryptoViki?

CryptoViki is a ransomware-type virus discovered by malware security researcher, Marcelo Rivero. Once infiltrated, CryptoViki encrypts various data and appends the ".viki" extension to the names of all compromised files. For instance, "sample.jpg" is renamed to "sample.jpg.viki".

Following successful encryption, CryptoViki changes the desktop wallpaper and creates a text file ("readme.txt"), placing it in each folder containing encrypted files.

What is ShareWithUs?

ShareWithUs is a deceptive application that stealthily infiltrates systems during installation of other programs (the "bundling" method).

Following infiltration, this app generates various intrusive online advertisements and continually records information relating to users' Internet browsing activity. For these reasons, ShareWithUs is categorized as adware and a potentially unwanted program (PUP).

What is GruxEx?

GruxEx is a copy of an open-source ransomware project called Hidden Tear. Once infiltrated, GruxEx employs AES cryptography to encrypt various files. During encryption, this ransomware appends the ".grux" extension to the name of each encrypted file.

For instance, "sample.jpg" is renamed to "sample.jpg.grux". Following successful encryption, GruxEx opens a pop-up window containing a ransom-demand message.