Virus and Spyware Removal Guides, uninstall instructions

What is Threat Finder?

Threat Finder is ransomware distributed via fake downloads (rogue media players, fake Flash updates, etc.), infected e-mail messages, and particularly via the Anger Exploit Kit.

The Threat Finder virus can infect all windows operating systems including Windows XP, Windows Vista, Windows 7, and Windows 8. Once the system is successfully infiltrated, Threat Finder encrypts all files stored on the hard drive including *.txt, *.html, *.doc, *.docx, *.jpg, *.png, and many others.

Unlike other similar infections, Threat Finder does not change the names of encrypted files, and therefore, the only indication that your files have been encrypted is when you are unable to open and display them correctly.

After encrypting files, this ransomware creates a HELP_DECRYPT.HTML file on the victim's desktop, which is then opened with the default Internet browser. Users are ordered to pay a 1.25 BTC ransom in the bitcoin currency (approximately US$300) to regain control of their encrypted files.

What is UnknownFile?

UnknownFile is presented as a legitimate application used for opening files of unknown types. This application may seem legitimate and useful, however, UnknownFile is classed as adware or a potentially unwanted program (PUP).

UnknownFile is distributed using a deceptive software marketing method called 'bundling' (stealth installation of third party applications together with the chosen software), and therefore, users commonly install this adware together with free software downloadable on freeware download websites.

Following successful infiltration on Internet Explorer, Google Chrome, and Mozilla Firefox, UnknownFile generates various intrusive online advertisements. Clicking these ads can redirect you to various dubious websites containing infectious content, thereby exposing your computer to infection.

What is 1Player?

One Floor App Ltd (the developers of this application) claim that 1Player is a great tool, which not only plays various audio and video files, but also improves the quality of playback. Some users may find this app legitimate and useful, however, it is classed as adware or a potentially unwanted program (PUP).

The developers of this application employ a deceptive software marketing method called 'bundling' (stealth installation of third party apps together with the chosen software) to install 1Player on Internet browsers without users' permission.

Following successful infiltration on Internet Explorer, Google Chrome, and Mozilla Firefox, 1Player app delivers intrusive online advertisements such as banner, pop-up, etc. These generated advertisements may redirect you to bogus websites, thereby exposing your computer to infection.

What is MediaPlayerRS?

The developers of MediaPlayerRS claim that this software will enhance the playing of various media. This functionality may seem legitimate and useful, however, be aware that MediaPlayerRS is classed as adware or a potentially unwanted program (PUP).

The reason for this association is a software marketing method called 'bundling' employed by the developers to stealthily install apps together with regular software.

Following successful infiltration on Internet Explorer, Google Chrome, and Mozilla Firefox, MediaPlayerRS delivers intrusive online advertisements (coupons, banners), which redirect users to bogus websites. These websites may contain infectious content, thereby exposing your computer to infection.

What is CorAdviser?

CorAdviser is a rogue browser plug-in claiming to provide useful features such as coupons, comparison shopping, and the display of special deals/discounts available on shopping websites, all of which supposedly help to save time and money. While some users may find this functionality legitimate and useful, be aware that CorAdviser is classed as adware.

This negative association is made due to a deceptive software marketing method called 'bundling' (stealth installation of additional programs together with the chosen software) employed by the developers to distribute CorAdviser.

Following stealth installation on Internet Explorer, Google Chrome, and Mozilla Firefox, CorAdviser generates various intrusive online advertisements that are likely to redirect users to bogus websites. Clicking these generated ads exposes your computer to risk of infection.

What is search.fbdownloader.com?

The FBDownloader program enables users to download photos from FaceBook. This free software is developed by Htto Group Ltd, and while the program may appear legitimate, be aware that it modifies Internet browser settings and installs additional browser add-ons.

Many computer users report that their browsers redirect to search.fbdownloader.com after installation of this software. This redirect issue is not related to malware or virus infections, however, it is a consequence of not carefully inspecting each step during the installation phase of FBDownloader.

What is WebSmart App?

WebSmart App is a browser extension claiming to improve the web browsing experience by providing various useful tools. The developers of this browser plug-in employ a deceptive software marketing method called 'bundling' to install WebSmart App on Internet browsers without users' consent.

Bundling stealthily installs additional programs together with the chosen software, and for this reason, most users inadvertently install WebSmart App during download of free software. This dubious browser add-on claims to save time and money by enabling comparison shopping, coupons, and displaying special deals/discounts available within shopping websites.

Although this functionality may seem useful and legitimate, be aware that WebSmart App is categorized as adware or a potentially unwanted program (PUP). Following successful infiltration on Internet Explorer, Mozilla Firefox, and Google Chrome, this PUP generates intrusive online advertisements and tracks users' Internet browsing activity.

What is GetitHD?

The GetitHD browser add-on claims to be an effective tool to improve YouTube video quality. Although this extension may appear useful and legitimate, GetitHD is classed as a potentially unwanted program (PUP) or adware.

Be aware that this application employs a deceptive free software marketing method called 'bundling' (stealth installation of additional programs together with the chosen software) to install on Internet browsers without users' permission. 

GetitHD infiltrates Internet Explorer, Google Chrome, and Mozilla Firefox and generates intrusive online advertisements including banner, pop-up, search, interstitial, transitional, coupon, and full-page ads. These advertisements often lead to bogus websites containing infectious content, and therefore, there is a high probability that your computer will become infected.

What is XTab?

Created by Beijing ELEX Technology Co. Ltd, XTab is a potentially unwanted application. This software modifies Internet browser (Internet Explorer, Google Chrome, and Mozilla Firefox) homepage and default search engine settings, and browser shortcuts by assigning them to website URLS such as mystartsearch.com.

In addition, this adware 'protects' these settings by preventing further user-changes. Developers of this browser hijacker state that XTab is a useful desktop application helping to maintain users' selected browser settings, however, this application provides no real value and is created to simply to redirect users to various websites and prevent further modification of Internet browser settings.

What is EpicScale?

The EpicScale application is used to mine digital currency and is commonly distributed using the 'bundling' method (stealth installation of third party applications together with regular software). For this reason, EpicScale is categorized as a potentially unwanted program (PUP). At time of research, EpicScale was mostly bundled together with the uTorrent application.

This type of app is often bundled with free software, and therefore, most users inadvertently install EpicScale when downloading programs from freeware download websites such as download.com, soft32.com, softonic.com, etc. These websites monetize their traffic and free services via small programs called 'download clients' (also called 'download managers', 'installers', etc.).