Virus and Spyware Removal Guides, uninstall instructions

What is search.superdoctopdf.com?

Superdoctopdf is a rogue application that supposedly allows users to convert various files (for example, MS Office documents) to PDF format. On initial inspection, Superdoctopdf may seem legitimate and useful, however, this app is categorized as a potentially unwanted program (PUP) and a browser hijacker.

There are three main reasons for these negative associations: 1) installation without consent; 2) stealth modification of web browser settings, and; 3) tracking of users' Internet browsing activity.

What is search.abclauncher.com?

Developers present search.abclauncher.com as a "high-experience" Internet search engine that significantly enhances the browsing experience by generating improved results. Judging on appearance alone, search.abclauncher.com may seem similar to Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that search.abclauncher.com is also legitimate and useful, however, this site is promoted via rogue download/installation set-ups that hijack web browsers and stealthily modify various settings. In addition, search.abclauncher.com continually records various data relating to browsing activity.

What is Bit paymer?

Bit paymer is a ransomware-type virus discovered by security researcher, Michael Gillespie. Following successful infiltration, Bit paymer encrypts files and appends filenames with the ".locked" extension (for example, "sample.jpg" is renamed to "sample.jpg.locked").

In addition, this virus creates a copy of a text file for each encrypted file. These text files have names associated with the encrypted files (format: "[original_file_name].readme_txt" - for example, "sample.jpg.readme_txt"). Each text file contains a ransom-demand message.

What is PowerShell ransomware?

Discovered by malware security researcher SecGuru, PowerShell is a ransomware-type program. It has been observed being distributed via spam emails (e.g., fake Delivery Status Notification, etc.). The malicious email attachment is a .js file that is compressed twice (zip within a zip). The .js file is a PowerShell script that infects the system.

Following successful infiltration, PowerShell encrypts data to demand payment for the decryption. Unlike other ransomware, this program does append files with any extensions. After the encryption is complete, an HTML file ("_README-Encrypted-Files.html") is dropped onto the desktop.

What is tapxchange.com?

tapxchange.com is a rogue website designed to redirect users to random suspicious websites. Users often visit tapxchange.com inadvertently - they are redirected by various potentially unwanted programs (PUPs) that infiltrate systems during installation of other software (the "bundling" method).

In addition, PUPs generate intrusive online advertisements and track users' Internet browsing activity.

What is affrh2022.com?

Identical to xb9010485.com, click.fancywap.com, syndication.exdynsrv.com, and many others, affrh2022.com is a rogue website designed to redirect users to a variety of other random sites.

Users are redirected to affrh2022.com by potentially unwanted programs (PUPs) that infiltrate systems without consent (the "bundling" method). As well as causing redirects, PUPs deliver intrusive online advertisements and continually record private data.

What is .Crypted?

Nemucod is a trojan that downloads additional malware onto victims' computers. Cyber criminals proliferate this software via emails containing attached zipped files. These emails often claim to be legitimate invoices, notices of appearance in court, or other official documents.

Computer users commonly fall for these scams and open the attached documents that contain a JavaScript file. The file then downloads the Nemucod trojan onto their systems.

Previously, the Nemucod trojan downloaded and installed TeslaCrypt and Locky ransomware on victims' computers, however, it recently started a new campaign whereby it downloads ransomware to encrypt users' data (adding the .crypted extension to compromised files and creating the DECRYPT.txt file on victims' desktops).

What is search.futuremediatabsearch.com?

Developers present search.futuremediatabsearch.com as a "high-experience" Internet search engine that significantly enhances the browsing experience by generating improved results and providing quick access to various popular websites (for example, Facebook, YouTube, IMDb, etc.).

Initially, search.futuremediatabsearch.com may appear legitimate and useful, however, this site is promoted via a rogue application called FutureMediaTab. The app usually infiltrates systems without consent.

Furthermore, FutureMediaTab stealthily modifies browser settings and (as is the case with search.futuremediatabsearch.com) continually records various data relating to users' Internet browsing activity. For these reasons, FutureMediaTab is categorized as a potentially unwanted program (PUP) and a browser hijacker.

What is basicquery.com?

basicquery.com is presented as a "high-experience" Internet search engine that supposedly enhances the browsing experience by generating improved results. Judging on appearance alone, basicquery.com may seem similar to Google, Yahoo, Bing, and other legitimate search engines.

Therefore, many users believe that basicquery.com is also legitimate and useful. Be aware, however, that developers promote this website by employing rogue download/installation set-ups that hijack browsers and stealthily modify various options. In addition, basicquery.com continually records various data relating to browsing activity.

What is wyyo.com?

Developers present wyyo.com as an Internet search engine that generates improved results and, therefore, enhances the browsing experience.

Judging on appearance alone, wyyo.com may seem legitimate and useful, however, this website is promoted via rogue download/installation set-ups that modify browser settings without consent. In addition, wyyo.com records various information relating to users' Internet browsing activity.