Virus and Spyware Removal Guides, uninstall instructions

What is search.snapdo.com?

The Search.snapdo.com browser redirect issue is caused by a browser toolbar developed by ReSoft Ltd. This browser add-on is compatible with Internet Explorer, Google Chrome, and Mozilla Firefox. The SnapDo toolbar promises to enhance Internet users' browsing experience by displaying quick links to social networks, Wikipedia, radio stations, etc.

While this added functionality may seem useful, many computer users report that the toolbar was installed on their Internet browsers without their consent and they experience unwanted redirects to search.snapdo.com Redirects to this website are not related to malware or viruses, however, computer users who experience this problem, are likely to have been tricked into installing the SnapDo toolbar when downloading or installing free software.

What is search.logicwhatever.com?

Identical to search.emptovo.com, search.gracepot.com, search.nunu-app.com, and many others, search.logicwhatever.com is a fake Internet search engine that falsely claims to generate improved search results. 

Judging on appearance alone, search.logicwhatever.com may seem legitimate and useful, however, this website is promoted via deceptive download/installation set-ups that hijack Internet browsers and stealthily modify various options. Furthermore, search.logicwhatever.com continually gathers various user-system information.

What is Turkish FileEncryptor?

Turkish FileEncryptor is a ransomware-type virus that stealthily infiltrates systems and encrypts various data. During encryption, Turkish FileEncryptor appends the ".encryption" extension to the name of each encrypted file (for example, "sample.jpg" is renamed to "sample.jpg.encrypted").

Furthermore, this virus creates an XML file for each encrypted file. These files are named using the "[encrypted_file_name].manifest.xml" pattern (for example, "sample.manifest.xml"). Turkish FileEncryptor then creates a text file ("Beni Oku.txt") and opens a pop-up window (very similar to CTB-Locker pop-up), both containing ransom-demand notes.

What is Free WiFi Hotspot?

Free WiFi Hotspot is a deceptive application that falsely claims to allow users to share their Internet connections via WiFi. On initial inspection, this functionality may appear legitimate and useful, however, Free WiFi Hotspot often infiltrates systems without users' permission (the "bundling" method).

Furthermore, it delivers intrusive online advertisements and collects various user-system information relating to Internet browsing activity. For these reasons, Free WiFi Hotspot is categorized as adware and a potentially unwanted program (PUP).

What kind of malware is Revenge?

Revenge is a new variant of a ransomware-type virus called CryptoMix. It is also very similar to CryptoShield (another variant of CryptoMix ransomware). Criminals proliferate Revenge via a RIG Exploit Kit. They hack various websites and inject Javascript code that searches for visitors' computer vulnerabilities and attempts to install this ransomware.

Following infiltration, Revenge terminates a number of processes (to get access to various data) and starts encrypting files using AES-256 cryptography. In addition, this virus renames encrypted files using the "[32_random_characters].REVENGE" pattern. For instance, "sample.jpg" might be renamed to "G89AL1H0PJM34GNHEQBYF2DAZM820K4L.REVENGE" or similar.

Furthermore, Revenge runs several commands to delete Shadow Volume Copies and disable Windows Startup Recovery. It then creates a text file ("# !!!HELP_FILE!!! #.txt"), placing it in each folder containing encrypted files.

What is ClearScreen Player?

ClearScreen Player is a deceptive application identical to NowUSeeIt Player and Playthru Player. 

The developers claim that ClearScreen Player allows users to play online videos directly from the desktop without using any browser - "The ClearScreen Player is based on one simple but brilliant idea: an enjoyable online video viewing experience – without the browser!" .

This functionality may seem legitimate, however, ClearScreen Player is classed as a potentially unwanted program (PUP) and adware. This PUP infiltrates systems without users’ permission, continually tracks users' web browsing activity, and delivers intrusive online advertisements.

What is TinyWallet?

The TinyWallet browser add-on displays coupon and discount ads when users visit online shopping websites such as eBay, Amazon, Walmart, etc. The add-on is compatible with Internet Explorer, Google Chrome, and Mozilla Firefox. Note that while the functionality of TinyWallet may seem legitimate, many Internet users refer to this browser add-on as a virus or malware.

These negative associations are made since this browser extension installs on users' computers together with free software downloaded from the Internet. Furthermore, users often feel that it was installed without their consent. The source of unwilling installations such as these are free software download websites that use 'download clients' to monetize incoming web traffic.

What is PriceChop?

The PriceChop rogue browser add-on claims to save time and money by displaying special offers and discounts while browsing shopping websites. This functionality may appear useful and legitimate, however, be aware that PriceChop is categorized as a potentially unwanted program (PUP) or adware.

The developers of this rogue browser plug-in employ a deceptive software marketing method called 'bundling' to stealthily install PriceChop on Internet browsers (Internet Explorer, Google Chrome, and Mozilla Firefox) without users' permission.

Most users inadvertently install PriceChop when downloading free software via small programs called 'download managers' on freeware download websites such as download.com, soft32.com, softonic.com, and many others. Following successful infiltration, this PUP generates intrusive online advertisements and tracks users' Internet browsing activity.

What is Karmen?

Karmen is a ransomware-type virus discovered by a group of security researchers called MalwareHunterTeam. This malware is based on Hidden Tear - an open source ransomware project. Once infiltrated, Karmen encrypts various files using AES cryptography.

During encryption, Karmen appends the ".grt" extension to the name of each compromised file (for example, "sample.jpg" is renamed to "sample.jpg.grt"). Karmen then opens a pop-up window that contains a ransom-demand message.

What is GoSave?

The GoSave rogue browser add-on claims to save time and money by displaying special offers and discounts while browsing shopping websites. This functionality may appear useful and legitimate, however, be aware that GoSave is categorized as a potentially unwanted program (PUP) or adware.

The developers of this rogue browser plug-in employ a deceptive software marketing method called 'bundling' to stealthily install GoSave on Internet browsers (Internet Explorer, Google Chrome, and Mozilla Firefox) without users' permission.

Most users inadvertently install GoSave when downloading free software via small programs called 'download managers' on freeware download websites such as download.com, soft32.com, softonic.com, and many others. Following successful infiltration, this PUP generates intrusive online advertisements and tracks users' Internet browsing activity.

These intrusive advertisements include coupon, banner, pop-up, search, in-text, and interstitial ads. There is a high probability that clicking these advertisements will lead to high-risk adware or malware infections.