Virus and Spyware Removal Guides, uninstall instructions

What is search.privacy-search.net?

Developers present search.privacy-search.net as a legitimate Internet search engine that generates improved search results and, therefore, enhances the browsing experience.

Judging on appearance alone, search.privacy-search.net may seem legitimate and useful, however, this website records various user-system information relating to Internet browsing activity. In addition, it is promoted via deceptive downloaders/installers that modify browser settings without permission.

What is Troldesh?

Troldesh is a family of ransomware-type viruses. Malware from this family is created using a 'development kit', which various affiliates utilize with their payment email addresses, and then distribute to infect as many computers as possible.

After system infiltration, these viruses encrypt victims' files using an asymmetric encryption algorithm (for example, RSA-2048) and modify the filenames. For instance, if the original file copy was named filesample.jpg, it would be renamed to filesample.jpg.[VICTIM'S ID].[DEVELOPERS' EMAIL].xtbl.

Never variants of this ransomware use .dexter and .crypted000007 extensions for encrypted files. These viruses also change the desktop wallpaper and create a number of text files (named, for example, How to decrypt your files.txt), placing them in each folder containing the encrypted files.

What is Net Wiz?

Net Wiz is a rogue application that falsely claims to save time and money by delivering coupons and providing notifications of special deals/discounts available on various online shops. This functionality might appear legitimate and useful, however, Net Wiz often infiltrates systems without consent.

Furthermore, this application delivers intrusive online advertisements and continually monitors users' Internet browsing activity. For these reasons, Net Wiz is categorized as a potentially unwanted program (PUP) and adware.

What is Enter a product key?

"Enter a product key" is a false error stating that the Windows copy is not activated. The user is asked to enter a genuine Windows activation key or call "Customer Support" via a telephone number provided (+1-888-414-4284).

Unlike other similar fake error messages, this particular one also delivers an expiration message via the computer speakers - when the user clicks on the error screen, a "Please Activate Your Windows Call To Us On 1884144284" message is played. Be aware, however, that entering a valid key will not work.

This error is a scam - developers merely attempt to trick users into calling the number. Furthermore, this scam error configures itself to run on Windows startup and is often promoted using adware-type applications (via the bundling method).

What kind of malware is crysis?

Crysis is ransomware-type malware mostly proliferated using deceptive e-mail messages containing infectious attachments and fake software updates (Java, Flash player, etc.) After successful system infiltration, virus-encoder encrypts files stored computers, and depending on the variant, adds:

 .write, .java, .cobra, .onion, .{mailrepa.lotos@aol.com}.CrySiS, .{TREE_OF_LIFE@INDIA.COM}.CrySiS, .CrySis, .locked, .kraken, .darkness, .nochance, .oshit, .oplata@qq_com, .relock@qq_com, .crypto, .helpdecrypt@ukr.net, .pizda@qq_com, .dyatel@qq_com, _ryp, .nalog@qq_com, .chifrator@qq_com, .gruzin@qq_com, .troyancoder@qq_com, .encrytped, .cry, .AES256, .enc or .hb15 extension.

Furthermore, this malware generates a unique user ID with '[email protected]' appended to each encrypted file name (for instance, if the unique ID is 6843158791, the file name of 'pcrisk.jpg' will be changed to '[email protected]'). Note that the desktop wallpaper of the infected system is changed to an image containing payment instructions.

Update 14 November, 2016 - Master keys of the Crysis ransomware have been published. Security experts have developed a decrypter for this ransomware. Victims of this ransomware should not pay the ransom and decrypt their files for free. You can download Kaspersky's Rakhni Decrypter HERE.

What is hp.myway.com?

CreateDocsOnline is a rogue application that supposedly provides MS Office features via a web browser. Judging on appearance alone, CreateDocsOnline might appear legitimate and useful, however, this app usually infiltrates systems without permission.

Furthermore, it modifies web browser settings and continually tracks users' Internet browsing activity. For these reasons, CreateDocsOnline is categorized as a potentially unwanted program (PUP) and a browser hijacker.

What is Your Internet Connection Is Temporarily Suspended?

"Your Internet Connection Is Temporarily Suspended" is a fake pop-up error message displayed by a malicious website that users visit inadvertently - they are redirected by various potentially unwanted programs (PUPs).

These applications often infiltrate systems without consent (the "bundling" method). As well as causing redirects, PUPs deliver intrusive online advertisements and continually record various user-system information.

What is search.findwide.com?

The findwide virus is a potentially unwanted application that modifies Internet browser (Internet Explorer, Google Chrome, and Mozilla Firefox) settings by assigning the homepage and default search engine fields to search.findwide.com. Commonly, computer users install the Findwide toolbar without their consent together with free software downloaded from the Internet.

Although this browser extension claims to make Internet browsing more productive by displaying maps and important news, it adds no significant value, causes unwanted browser redirects, and generates intrusive ads.

What is PadCrypt?

PadCrypt is a ransomware distributed via spam emails. On initial inspection, the attached infected file looks like a PDF, however, it is a zip archive.

Once infiltrated, PadCrypt encrypts various files (photos, videos, etc.) using the AES-256 encryption algorithm. It adds .padcrypt extension to the encrypted files. A .txt file is then created containing a message stating that the victim must pay a ransom, otherwise the files will remain encrypted forever.

What is searchanonymo.com?

Search Anonymo is a deceptive application that supposedly allows users to stealthily browse the Internet, hiding their location and other private details. Judging on appearance alone, Search Anonymo may appear legitimate and useful, however, this app is categorized as a potentially unwanted program (PUP) and a browser hijacker.

There are three main reasons for these negative associations: 1) stealth installation without consent; 2) modification of web browser settings, and; 3) tracking of users' Internet browsing activity.