Virus and Spyware Removal Guides, uninstall instructions

What kind of application is IntegrationAdmin?

IntegrationAdmin generates advertisements and changes the web browser's settings (hijacks a web browser) to promote a fake search engine. Most users download and install adware and browser-hijacking apps inadvertently. Thus, IntegrationAdmin and similar apps are called potentially unwanted applications (PUAs).

What kind of application is Search With Incognito?

Search With Incognito is a browser hijacker designed to promote searchwithouthistorysearch.com. It changes the web browser's settings to promote a fake search engine. Usually, browser-hijacking apps are promoted/distributed using questionable methods. Thus, users do not download/install them on purpose.

What kind of malware is Nhuie?

Nhuie is ransomware. It encrypts files to make them inaccessible for victims. Also, Nhuie renames all of the encrypted files (it appends a string of random characters and the ".nhuie" extension to filenames) and creates the "8Axs_HOW_TO_DECRYPT.txt" file (a ransom note).

For example, it renames "1.jpg" to "1.jpg.GXCo07v2AOSADlS44hLpCoTNTO-JdOvXpLYN0x4INgL_LLqkie2bw7A0.nhuie", "2.txt" to "2.txt.GXCo07v2AOSADlS44hLpCoTNTO-JdOvXpLYN0x4INgL_LLqkie2bw7A0.nhuie".

What kind of malware is Surtr?

Surtr is ransomware. Malware of this type encrypts files (and renames them) and generates a ransom note. Surtr appends the decryptmydata@mailfence.com email address and the ".SURT" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.[DecryptMyData@mailfence.com].SURT", "2.jpg" to "2.jpg.[DecryptMyData@mailfence.com].SURT". Ransomware may also append ".Surtr" extension and instead of ".SURT" at the end of the filename.

Surtr's ransom notes are provided in the "SURTR_README.txt" and "SURTR_README.hta" files (the second file opens a pop-up window). This ransomware also changes the desktop wallpaper. It was discovered by S!Ri.

What kind of software is LogStandard?

LogStandard generates annoying advertisements and changes web browser's settings to promote a fake search engine. This app has the qualities of advertising-supported and browser-hijacking software. Users rarely download and install such apps knowingly. Thus, LogStandard and similar apps are categorized as potentially unwanted applications (PUAs).

What kind of malware is Razer?

Razer is ransomware that encrypts files, appends a string of random characters, the razer1115@goat.si email address, and ".razer" extension to filenames. It provides instructions on how to contact the attackers for data decryption in the "readme-warning.txt" text file.

An example of how Razer renames files: it changes "1.jpg" to "1.jpg.[42990E91].[razer1115@goat.si].razer", "document.txt" to "document.txt.[42990E91].[razer1115@goat.si].razer", and so on.

What kind of software is FileClick?

FileClick has two purposes: to generate advertisements and hijack a web browser (promote a fake search engine). Typically, apps like FileClick are promoted and distributed using shady websites, installers, and other deceptive methods. Thus, users download and install them unintentionally.

What kind of malware is RED?

RED is ransomware - a type of malware that encrypts files. It also modifies filenames, displays a ransom note in a pop-up window, and provides another one as the "info.txt" file. RED renames files by appending the victim's ID, redline@onionmail.org email address, and the ".RED" extension to filenames.

For example, it renames "file.jpg" to "file.jpg.id-1E857D00.[redline@onionmail.org].RED", "document.txt" to "document.txt.id-1E857D00.[redline@onionmail.org].RED". RED is part of the Dharma ransomware family.

What kind of software is ManagerDisplay?

ManagerDisplay is adware that generates advertisements, hijacks a web browser (to promote a fake search engine), and collects information. A big part of software of this type is promoted and distributed using questionable, deceptive methods. It means that most adware gets downloaded and installed without users knowing about it.

What kind of malware is WannaBitcoin?

WannaBitcoin is ransomware designed to encrypt files, append the ".wannabitcoin" extension to filenames, and provide three ransom notes. WannaBitcoin displays a pop-up window, creates the "READ ME TO RECOVER YOUR FILES.wannabitcoin.txt" file, and changes desktop wallpaper. All three of them contain a ransom note.

An example of how WannaBitcoin modifies filenames: it changes "1.jpg" to "1.jpg.wannabitcoin", "sample.png" to "sample.png.wannabitcoin", and so on.