Virus and Spyware Removal Guides, uninstall instructions

What is OfferssDirect?

OfferssDirect is a deceptive application that supposedly provides various shopping coupons and notifies users of special deals/discounts available in various online shops. In doing so, OfferssDirect supposedly saves time and money. Many users believe that this app is legitimate and useful, however, it is classed as a potentially unwanted program (PUP) and adware.

There are three main reasons for these negative associations: 1) stealth installation without users' consent; 2) display of malicious advertisements, and; 3) tracking of various information (mostly relating to web browsing habits).

What kind of malware is Jhash?

Discovered by MalwareHunterTeam, Jhash is a virus based on an open-source ransomware project called Hidden Tear.

Once infiltrated, Jhash encrypts most stored data using AES cryptography and adds the ".locky" extension to the name of each compromised file. Following successful encryption, Jhash creates a text file ("Leeme_Nota_de_Rescate.txt"), placing it on the desktop, and changes the desktop wallpaper.

What is search.movies-tab.com?

Movies Tab is a deceptive application that falsely claims to allow users to watch various movies online free of charge. Initially, search.movies-tab.com may appear legitimate and useful, however, this potentially unwanted program (PUP) often infiltrates systems without permission and collects various user-system information.

Movies Tab is also categorized as a browser hijacker - a form of unwanted software that modifies web browser options without permission.

What is "Windows Defender Prevented An Unrecognized Software"?

"Windows Defender Prevented An Unrecognized Software" is a fake error discovered by MalwareHunterTeam. This error message claims that Windows Defender has detected suspicious activity/software on the system. Furthermore, "Windows Defender Prevented An Unrecognized Software" locks the computer screen, after which users are unable to take any further action.

What is search.flagbeg.com?

search.flagbeg.com is a fake Internet search engine identical to search.ishimotto.com, search.pensirot.com, search.yofitofix.com, and many others. 

By offering improved search results, search.flagbeg.com attempts to give the impression of legitimacy, however, this website is promoted using rogue downloaders/installers that modify browser options without permission. Furthermore, search.flagbeg.com continually records various information relating to users' Internet browsing experience.

What is hp.myway.com?

Developed by Mindspark Interactive Network (also known as IAC Applications), HoroscopeBuddy is a deceptive application that supposedly provides daily horoscopes.

Judging on appearance alone, this app may seem legitimate and useful, however, HoroscopeBuddy often infiltrates systems without permission. In addition, it is categorized as a browser hijacker - a form of unwanted software that modifies web browser settings without users’ permission.

What is Powerful Hidden Tear?

Discovered by MalwareHunterTeam, Powerful Hidden Tear is a virus based on an open-source ransomware project called Hidden Tear. This malware is proliferated using the "The Art of Amazon Carding.pdf.exe" file, which means that, prior to infection, victims were trying to learn about carding - a type of fraud relating to banking and online payments.

Once infiltrated, Powerful Hidden Tear encrypts stored data using AES cryptography and adds the ".locked" extension to each filename.

For instance, "sample.jpg" is renamed to "sample.jpg.locked". From this moment on, files become unusable. Immediately after encryption, Powerful Hidden Tear changes the desktop wallpaper and places a "READ_ME.txt" file on the desktop.

What is hp.myway.com?

ConvertersNow is a deceptive application developed by Mindspark Interactive Network (also known as IAC Applications). This program claims to provide functionality allowing conversion of PDF files to various other formats.

This functionality may seem legitimate and useful, however, this potentially unwanted program (PUP) often infiltrates systems without permission. Furthermore, ConvertersNow is categorized as a browser hijacker - a form of unwanted software that modifies Internet browser settings without users’ permission.

What is Relock?

First discovered by malware security researcher, Dmitriy Melikov, Relock is a new variant of a ransomware-type virus called Matrix. Once infiltrated, Relock encrypts stored data (from this point files become unusable) and adds the "_[RELOCK001@TUTA.IO].*" extension to each filename.

For instance, "sample.jpg" is renamed to "sample.jpg_[RELOCK001@TUTA.IO]" or "sample_[RELOCK001@TUTA.IO].jpg". Immediately after encryption, Relock generates a "!OoopsYourFilesLocked!.rtf" file and places it in each existing folder. It also changes the desktop wallpaper.

What is CompariShop?

CompariShop is a rogue application identical to LiveShoppers, ShoppyTool, MyCouponize, and many others. By offering functionality to save time and money (coupons, notifications about special deals/discounts on various online shops, etc.), CompariShop attempts to give the impression of legitimacy.

Be aware, however, that this app is categorized as adware and a potentially unwanted program (PUP). There are three reasons for these negative associations: 1) display of 'malvertising' ads; 2) information tracking, and; 3) stealth installation without users' consent.