Virus and Spyware Removal Guides, uninstall instructions

What is Esmeralda?

Identical to Kangaroo, Esmeralda is an updated version of Apocalypse ransomware. Following infiltration, Esmeralda encrypts various files and appends the ".encrypted" extension to the name of each encrypted file. For instance, "sample.jpg" becomes "sample.jpg.encrypted".

A pop-up window is then displayed and text files are created, the names associated with the encrypted files (for example, "sample.jpg.How_To_Decrypt.txt"). The pop-up and text files contain an identical ransom-demand message.

What is Kangaroo?

Kangaroo is a new variant of file-encryption ransomware called Apocalypse. Following successful infiltration, Kangaroo encrypts files and appends their names with the ".crypted_file" extension (for example, "sample.jpg" becomes "sample.jpg.crypted_file").

Once files are encrypted, Kangaroo opens a pop-up message and creates identical text files beside each encrypted file. The text file names are associated with the encrypted files (for example, "sample.jpg.crypted_file.Instructions_Data_Recovery.txt"). The pop-up message and text files contain an identical ransom-demand message.

What is Command Prompt?

Discovered by Jakub Kroustek, Command Prompt is a ransomware-type virus that allegedly encrypts victims' files. There are two variants of this malware: "PayDOS" and "SERPENT". Following infiltration, this ransomware 'encrypts' files and opens a command prompt (cmd), which contains a ransom-demand message.

What is webstarts.biz?

webstarts.biz is presented as a legitimate Internet search engine that supposedly enhances the web browsing experience by generating improved search results and providing quick access to a number of popular websites.

This functionality might appear legitimate and useful, however, webstarts.biz is promoted via rogue software downloaders and installers designed to hijack web browsers and stealthily modify various browser options. In addition, webstarts.biz continually monitors users' Internet browsing activity.

What is Winrared?

Winrared is a ransomware-type virus that infiltrates the system and locks all files by adding them to a single password-protected archive called "YourFilesHere-OpenWithWinrar.ace". This is very uncommon to ransomware-type viruses, since most encrypt files using symmetric/asymmetric encryption algorithms.

Once files are archived, Winrared ransomware creates two files ("RECOVERYOURFILES.HTML" and "RecoverYourFiles.jpg" [set as victim's desktop wallpaper]) and places them on the desktop.

What is Slithermon?

Slithermon is a rogue application that supposedly allows users to play a popular browser arcade game called "Slither.io" directly from the desktop. This functionality may seem legitimate and useful, however, this application is not genuine and has no association with the actual game.

Slithermon often infiltrates systems without users' consent. Furthermore, it displays intrusive online advertisements and records various user/system data. For these reasons, Slithermon is categorized as adware and a potentially unwanted program (PUP).

What is searchemyn.com?

Identical to doseofhealthy.com, miyake-inc.com, searchisweb.com, and many other sites, searchemyn.com is a fake Internet search engine claiming to generate improved results. The appearance of this site is very similar to Google, Bing, Yahoo, and other legitimate search engines.

Therefore, users often believe that searchemyn.com is also legitimate. In fact, developers employ deceptive software download/installation set-ups to promote this website. Furthermore, the site continually records information relating to web browsing activity.

What is smartinf.ru?

Developers present smartinf.ru as a legitimate Internet search engine that generates improved search results and provides local weather forecasts, currency rates, latest news, etc.

This functionality may seem legitimate and useful, however, developers promote this site via rogue software downloaders and installers that hijack web browsers and modify various options without users' consent. In addition, smartinf.ru continually records information relating to users' Internet browsing activity.

What is BTC?

BTC is a ransomware-type virus first discovered by Michael Gillespie. After infiltrating the system, BTC encrypts various types of stored files.

During encryption, this malware appends the ".BTC" extension to the name of each encrypted file (for example, "sample.jpg" becomes "sample.jpg.BTC"). Following successful encryption, BTC creates a text file ("BTC_DECRYPT_FILES.txt") and places it on the desktop.

What is Hollycrypt?

First discovered by Michael Gillespie, Hollycrypt is malware based on open-source ransomware called "Hidden Tear". Following infiltration, Hollycrypt encrypts files and renames them by appending the ".Hollycrypt" extension. For example, "sample.jpg" becomes "sample.jpg.Hollycrypt". Hollycrypt then creates a text file ("read_this_shit.txt") and places it on the desktop.