Virus and Spyware Removal Guides, uninstall instructions

What is Facebook Notifications?

Facebook Notifications is a rogue browser plug-in that supposedly notifies users of various activity on Facebook.

On initial inspection, this bogus program may seem legitimate and useful, however, due to rogue behavior, Facebook Notifications is classed as adware and a potentially unwanted program (PUP), since it infiltrates computers without users' permission, continually monitors browsing activity, and delivers various intrusive online adverts.

What is Classic For Facebook?

Developed by Yontoo, Classic For Facebook is a dubious browser extension that claims to change Facebook's web layout. On initial inspection, this application may seem legitimate and useful, however, it is classed as a potentially unwanted program (PUP) and adware.

There are three main reasons for these negative associations - stealth installation without users' permission, tracking of web browsing activity, and display of various intrusive online advertisements.

What is SATANA ransomware?

!SATANA! is a combination of Petya and MISCHA ransomware-type viruses. It is designed to silently infiltrate computers and then encrypt various files.

This program targets the following file formats: .bak, .doc, .jpg, .jpe, .txt, .tex, .dbf, .db, .xls, .cry, .xml, .vsd, .pdf, .csv, .bmp, .tif, .1cd, .tax, .gif, .gbr, .png, .mdb, .mdf, .sdf, .dwg, .dxf, .dgn, .stl, .gho, .v2i, .3ds, .ma, .ppt, .acc, .vpd, .odt, .ods, .rar, .zip, .7z, .cpp, .pas, and .asm.

During encryption, !SATANA! changes the name of each encrypted file to the following format: Gricakova@techemail.com_[original file name]. For instance, "sample.jpg" is renamed to "Gricakova@techemail.com_sample.jpg". New variants of this ransomware append files with a ".SATANA" extension (more information below).

Following successful encryption, !SATANA! opens a pop-up message stating that the victim's files have been encrypted. The same message is also presented in "!satana!.txt", which this ransomware creates and places in each folder containing encrypted files.

What is Oh My Tabs?

Oh My Tabs is a dubious application that supposedly provides various coupons, enables comparison shopping function, notifies of deals/discounts available on various online stores, and provides other similar features that supposedly save time and money while shopping online.

This might seem legitimate and useful functionality, however, Oh My Tabs is classed as a potentially unwanted program (PUP) and adware.

One of the main reasons for these negative associations is stealth installation without users' consent. After successful system infiltration, this app generates intrusive online advertisements and continually records various information relating to users' web browsing activity.

What is CryptoRoger?

CryptoRoger is a ransomware-type virus designed to stealthily infiltrate systems and stored files. To encrypt files, CryptoRoger uses an asymmetric AES-256 encryption algorithm. Therefore, public (encryption) and private (decryption) keys are generated during the process.

Furthermore, CryptoRoger appends the name of each encrypted file with .crptrgr (for example, sample.jpg is renamed to sample.jpg.crptrgr. This makes it straightforward to determine which files are encrypted.

What is CryptoShocker?

CryptoShocker is a ransomware that infiltrates computers and encrypts stored files. This virus appends the name of each encrypted file with a .locked extension. Types of targeted files include .jpeg, .doc, .mp3, and many others. After successfully encrypting data, CyptoShocker creates a shortcut (called ATTENTION.url) to its Tor website, placing it on victims' desktops.

What is BartCrypt?

BartCrypt (or 'Bart') is a ransomware-type virus distributed using malicious email attachments that appear as .zip files. The name of these files often varies (for example, pictures.zip, photos.zip, images.zip, and other words describe a graphical image).

Each zip file contains a .js (JavaScript) file that downloads and installs RockLoader malware, which, in turn, downloads BartCrypt ransomware.

Once infiltrated, BartCrypt immediately encrypts various file types (for example, .doc, .jpeg, .mp3, .mp4, etc.) stored on the victim's computer. This ransomware also changes the desktop wallpaper to recover.bmp and creates a recover.txt file, placing it in each folder holding encrypted files.

What is KratosCrypt?

KratosCrypt is a ransomware virus that stealthily infiltrates computers, encrypting files using an asymmetric AES encryption algorithm.

This virus appends the name of each encrypted file with a .kratos extension. Following successful encryption, KratosCrypt creates a README_ALL.html file and places it in each folder containing encrypted files. This file contains a ransom-demand message.

What is NegozI?

NegozI is a ransomware-type virus similar to Sanction and RemindMe. Once infiltrated, NegozI encrypts various files and adds .evil as an extension to the name of each encrypted file. The following files are then created: decrypt_your_files.txt and decrypt_your_files.html. These are placed in each folder containing encrypted files.

What is urban-search.com?

urban-search.com is a fake Internet search engine identical to searchonlineusa.com. Judging on appearance alone, urban-search.com may seem legitimate, however, developers promote this bogus website using dubious software 'installers' that modify Internet browser settings without users' permission.

Furthermore, this bogus site continually gathers various user/system information relating to users' web browsing activity.