Virus and Spyware Removal Guides, uninstall instructions

What is Martian Arcade?

The Martian Arcade (MartianArcade) application supposedly allows users to play various arcade games.

On initial inspection, Martian Arcade may seem legitimate and useful, however, this app is classed as adware and a potentially unwanted program (PUP), since it infiltrates systems without users’ permission, causes unwanted browser redirects, and continually delivers various intrusive online advertisements.

What is bitable.com?

Bitable.com is a fake Internet search engine that claims to generate the most relevant search results, thus improving users' web browsing experience.

The appearance of bitable.com is similar to Google, Bing, Yahoo, and other legitimate search engines. In fact, this website is promoted using dubious software 'installers' that hijack Internet browsers and stealthily modify their settings. In addition, bitable.com continually gathers various information about users' web browsing activity.

What is Weather Chick'n?

Weather Chick'n is promoted as an application that provides the latest weather forecasts. Initially, this functionality may seem legitimate, however, research shows that this application often infiltrates systems without users’ permission.

Furthermore, Weather Chick'n tracks users' web browsing activity and continually delivers various intrusive online advertisements. For these reasons, this PUP is classed as adware and a potentially unwanted program (PUP).

What is Swiki?

Swiki is a dubious browser extension that claims to allow users to search various websites and social networks (for example, Wikipedia, Twitter, Youtube, Yahoo, etc.) - "Boost your web and social search with Swiki! Our plugin lets you perform an Internet search using multiple search engines, deal websites, and social networks all at the same time." 

On initial inspection, Swiki may seem legitimate and useful, however, this extension often infiltrates computers without users' consent. In addition, Swiki continually monitors users' web browsing activity and delivers various intrusive online advertisements. For these reasons, it is classed as a potentially unwanted program (PUP) and adware.

What is ads by [random letters]?

Ads by [random letters], [random letters] Ads, Powered by [random letters], and other similarly-marked ads, are generated by various types of potentially unwanted programs (PUPs) such as Shopperz and Groover. By [random letters] we mean that the words that advertisements are marked with are merely random letters.

Examples include Ads by Suvpatoj, Powered by Negmirvaaiw, Powered by Triangulum, Ads by Albireo, Ads by Giolmujiwecder among many others.

Potentially unwanted programs that generate these ads claim to enhance the web browsing experience, however, these apps are classed as adware, since they infiltrate systems without users’ consent, generate intrusive advertisements, and gather various information relating to users' web browsing activity.

What is search.startjoysearch.com?

Search.startjoysearch.com is a deceptive website identical to dozensearch.com, yessearches.com, searchvvay.com, and a number of other dubious sites.

Search.startjoysearch.com claims to be a legitimate Internet search engine, however, developers promote this site using dubious installer set-ups designed to stealthily modify web browser settings. Furthermore, search.startjoysearch.com continually monitors users' web browsing activity.

What is MISCHA?

Created by the developers of Petya, Mischa is another ransomware virus that infiltrates victims' computers and then encrypts files. This virus is distributed using malicious email attachments that are commonly delivered as fake job application forms.

The files are encrypted using the asymmetric algorithm and, thus, two keys (public to encrypt and private to decrypt) are generated during encryption.

Mischa extends the names of encrypted files with one of the following extensions: .cRh8, .3P7m, .aRpt, .eQTz, or .3RNu. This ransomware also creates .txt and .html files (both named YOUR_FILES_ARE_ENCRYPTED) and places them in each folder containing the encrypted files.

What is Crypren?

Crypren is a ransomware-type virus that stealthily infiltrates victims' computers and encrypts stored files. It also extends the name of each encrypted file with a .ENCRYPTED extension. These files are encrypted using the asymmetric encryption algorithm.

Therefore, public (to encrypt) and private (to decrypt) keys are generated during this process. After encryption, Crypren creates a READ_THIS_TO_DECRYPT.html file and places it in each folder containing the encrypted files. The html file contains a message stating that victims' files have been encrypted and that they must pay a ransom to decrypt them.

What is CryptoHitman?

CryptoHitman is a ransomware-type virus that encrypts victims' files. During encryption, CryptoHitman adds a .porno, .pornoransom extension to the name of each encrypted file. This makes it straightforward to determine which files are encrypted. A message is then displayed stating that the victim can only restore these files by paying a ransom.

What is UNLOCK_FILES_INSTRUCTIONS?

UNLOCK_FILES_INSTRUCTIONS is a ransomware-type virus distributed using malicious email attachments. After system infiltration, this ransomware encrypts users' files and adds a .locked or .zyklon extension to each affected file. Files are encrypted using the AES-256 asymmetric algorithm and, thus, public and private keys are generated during encryption.

The public key is used to encrypt files, whilst the private to decrypt. The private key, however, is stored on remote servers controlled by cyber criminals. Therefore, to restore their data, victims are encouraged to pay a ransom.