Virus and Spyware Removal Guides, uninstall instructions

What is "CIA Special Agent"?

"CIA Special Agent" is a screen-locking virus discovered by Pieter Arntz. Cyber criminals responsible for the development of "CIA Special Agent" have previously released two other similar viruses: 1) Your Windows Has Been Banned, and; 2) M4N1F3STO.

"CIA Special Agent" malware infiltrates the system and locks the computer screen. The displayed pop-up contains a ransom-demand message.

What is tpoxa.com?

tpoxa.com is a fake Internet search engine claiming to enhance the Internet browsing experience by generating improved search results.

These claims often trick users into believing that tpoxa.com is legitimate and useful, however, developers promote this search engine via deceptive software download/installation set-ups that hijack web browsers and modify the settings without consent. Furthermore, this site gathers information relating to users' Internet browsing activity.

What is Locked-In?

First discovered by Karsten Hahn, Locked-In is ransomware-type malware that encrypts files using AES-256 cryptography. During encryption, it appends filenames with a random extension.

For instance, "sample.jpg" might be renamed to "sample.jpg.DGslk41gL" - the extension is always different. Following successful encryption, Locked-In creates an HTML file ("RESTORE_CORUPTED_FILES.HTML" or "RESTORE_NOVALID_FILES.HTML") and places it on the desktop.

What is "M4N1F3STO"?

M4N1F3STO is a ransomware-type virus that locks the computer screen and then displays a ransom-demand message claiming that files are encrypted and will be deleted. Be aware that these claims are false.

What is PayDay?

PayDay is malware based on Hidden Tear (an open-source ransomware project). Following infiltration, PayDay encrypts files using AES cryptography. During encryption, PayDay renames files by appending the ".sexy" extension. For example, "sample.jpg" is renamed to "sample.jpg.sexy".

Following successful encryption, PayDay creates an HTML file ("!!!!!ATENÇÃO!!!!!.html"), placing it on the desktop. This file contains a ransom-demand message.

What is home.giantsender.com?

home.giantsender.com is a fake Internet search engine claiming to generate improved search results and provide quick access to various popular websites. Judging on appearance alone, home.giantsender.com barely differs from Google, Yahoo, Bing, and other similar legitimate search engines.

Therefore, many users believe that home.giantsender.com is also legitimate. In fact, developers promote home.giantsender.com by employing a browser-hijacking application called Giant Sender, which supposedly allows users to share large data files. Furthermore, home.giantsender.com continually monitors users' Internet browsing activity.

What is UltraLocker?

UltraLocker is a ransomware-type virus based on CryptoWire (an open-source ransomware project). UltraLocker is virtually identical to Lomix ransomware and was first discovered by Karsten Hahn. Following successful infiltration, UltraLocker encrypts files using AES-256 algorithm.

During encryption, UltraLocker renames encrypted files using the "[file_name].locked.[file_extension]" pattern. For instance, "sample.jpg" is renamed to "sample.locked.jpg". Once files are encrypted, UltraLocker opens a pop-up window containing a ransom-demand message.

What is search.cazeoffice.com?

Developers present search.cazeoffice.com as an improved Internet search engine that generates better search results. Judging on appearance alone, search.cazeoffice.com may seem legitimate and useful, however, it is promoted via deceptive software downloaders/installers designed to modify web browser settings without consent.

Furthermore, search.cazeoffice.com continually records information relating to users' Internet browsing activity.

What is search.shockmute.com?

Search.shockmute.com is a fake Internet search identical to search.smokycap.com, search.swissfist.com, search.useaget.com, and many others. According to developers, search.shockmute.com significantly enhances the Internet searching experience by generating improved search results.

These claims often trick users into believing that search.shockmute.com is legitimate and useful, however, developers promote this fake search engine via rogue software download/installation set-ups that hijack web browsers and stealthily modify various options. In addition, search.shockmute.com collects various information relating to users' Internet browsing activity.

What is "Your PC Ran Into A Problem"?

"Your PC Ran Into A Problem" is malware that locks the screen and displays a fake error message. It is distributed with a potentially unwanted adware-type program (PUP) called "VinCE 1.5". 

The error states that the computer has ran into a problem and, therefore, victims must contact technical support for a solution. The adware generates intrusive online advertisements and track users' Internet browsing activity.