Virus and Spyware Removal Guides, uninstall instructions

What is topresultssearch.com?

While investigating browser-hijacking software, our research team discovered the topresultssearch.com illegitimate search engine. Websites of this kind usually cannot generate search results, but topresultssearch.com is an exception. However, the results it provides include irrelevant and potentially harmful content.

These search engines are commonly promoted by browser hijackers. It is noteworthy that this software and the sites they push typically collect sensitive user data.

What kind of page is us-safehub[.]click?

While investigating dubious websites, our research team found the us-safehub[.]click rogue webpage. It is designed to run scams and promote browser notification spam. Furthermore, this page can redirect users elsewhere (likely untrustworthy/harmful) sites.

Most visitors to us-safehub[.]click and similar sites enter them through redirects caused by webpages using rogue advertising networks.

What kind of malware is Colour-Blind?

Colour-Blind is the name of a Remote Access Trojan (RAT) written in Python. This malware steals sensitive information and allows cybercriminals to perform various tasks on infected machines. Colour-Blind malware is also designed to evade detection. It is known that Colour-Blind is delivered via malicious PyPI packages.

What kind of malware is IceFire?

IceFire (also known as iFire) is ransomware that encrypts files, appends the ".iFire" extension to filenames, and creates the "iFire-readme.txt" file (a ransom note). The purpose of IceFire is to keep files inaccessible until a ransom is paid.

An example of how IceFire renames files: it changes "1.jpg" to "1.jpg.iFire", "2.png" to "2.png.iFire", and so forth. IceFire runs on both Windows and Linux operating systems.

What kind of malware is Cinoshi?

Cinoshi is the name of an information-stealing malware. There are several variants of this stealer, some of which have additional abilities – including botnet, clipper, and cryptominer functionalities. The presence of Cinoshi malware on the system can endanger both device integrity and user privacy.

What kind of email is "Junk Filter"?

After inspecting the "Junk Filter" email, we determined that it is spam. This fake letter offers a bogus junk/spam mail filter to prevent the influx of unwanted content to the recipient's inbox. The aim of this phishing email is to trick recipients into disclosing their mail account log-in credentials.

What is findmeday.com?

While examining findmeday.com, we found that it is a shady search engine that may provide misleading results. Typically, search engines of this sort are advertised through browser hijackers, which modify browser settings to promote the search engine. Users seldom download these applications intentionally.

What kind of application is Zoco PDF Viewer?

During our evaluation of the Zoco PDF Viewer application/browser extension, we observed that it exhibits intrusive advertisements, leading us to classify it as adware. Further analysis revealed that Zoco PDF Viewer has the ability to read and modify all data on any website. Our team discovered Zoco PDF Viewer on a deceptive site.

What kind of scam is "DHL - Shipment Designated"?

Upon inspection of the email, we have concluded that it is a phishing scam, where scammers attempt to obtain sensitive information from unsuspecting individuals. The email masquerades as a DHL shipment arrival notice and includes an attachment that leads to a fake login page.

What kind of malware is Coba?

Our research team encountered a ransomware dubbed Coba while analyzing malware samples submitted to VirusTotal. Coba belongs to the Djvu family and operates by encrypting the victim's files once it infects their computer. The original filename is modified by appending the ".coba" extension to it.

For instance, "1.jpg" becomes "1.jpg.coba" and "2.png" is changed to "2.png.coba", and so forth. Also, Coba generates a ransom note, a text file named "_readme.txt". It is worth noting that there is a possibility of Coba being distributed together with information stealers like RedLine and Vidar.