Virus and Spyware Removal Guides, uninstall instructions

What is IHA ransomware?

IHA is a new variant of the NoCry ransomware. It operates by encrypting data (i.e., locking files) and demanding payment for the decryption.

During the encryption process, affected files are appended with a ".IHA" extension. For example, a file like "1.jpg" would appear as "1.jpg.IHA", "2.jpg" as "2.jpg.IHA", etc. Once this process is complete, this ransomware changes the desktop wallpaper and displays a pop-up window containing the ransom-demanding message.

What is LOCK2G?

LOCK2G encrypts files and replaces their filenames with a string of random characters, victim's ID, and appends the ".LOCK2G" extension. For example, it renames a file named "1.jpg" to "QYRPNDIZAQ.ITOQWOCYENCFOOJAMLUFYYNIC.LOCK2G", "2.jpg" to "KUBCRLJSPW.ITOQWOCYENCFOOJAMLUFYYNIC.LOCK2G".

LOCK2G also creates a ransom note, the "!!!Recovery File.txt" text file. This file contains contact information and additional details.

What is the "Amazon Prime" email scam?

"Amazon Prime email scam" refers to a spam campaign. These German-language scam emails claim that recipients have been selected to get a special offer on Amazon Prime - the subscription program of the tech giant's Amazon's e-commerce section.

It must be emphasized that the letters in question are fake and in no way associated with Amazon Prime or Amazon.com, Inc.

What kind of application is MapsCheckerSearch?

The purpose of MapsCheckerSearch is to promote the mapschecker.com/a fake search engine by modifying web browser settings. It could also be capable of collecting various information about its users. It is uncommon for apps like MapsCheckerSearch to be installed by users intentionally. Thus, they are called potentially unwanted apps (PUAs).

What is Pqgs ransomware?

Pqgs is a malicious program that is part of the Djvu ransomware family. It encrypts data (renders files inaccessible) and demands payment for the decryption (access recovery).

Affected files are appended with a ".pqgs" extension. To elaborate, a file initially titled "1.jpg" would appear as "1.jpg.pqgs", "2.jpg" as "2.jpg.pqgs", "3.jpg" as "3.jpg.pqgs", and so forth. Afterwards, a ransom note - "_readme.txt" - is created.

What kind of application is JustAdblockSearch?

JustAdblockSearch is a browser hijacker that modifies browser settings to promote a fake search engine (justadblocksearch.com). It is common for browser hijackers to be promoted and (or) distributed using questionable methods. Thus, they are categorized as potentially unwanted applications (PUAs).

What kind of malware is Iisa?

Iisa is ransomware designed to encrypt files, create the "_readme.txt" file containing payment and contact information, and rename encrypted files. It appends the ".iisa" extension filenames, for example, it changes "1.jpg" to "1.jpg.iisa", "sample.jpg" to "sample.jpg.iisa". Iisa is part of the Djvu ransomware family.

What is PDFFreeSearch?

PDFFreeSearch is a piece of browser-hijacking software. It promotes the pdffreesearch.com fake search engine. Additionally, due to the questionable methods used to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).

What is LeadingProtocol?

LeadingProtocol is a piece of advertising-supported and browser-hijacking software. This app has been observed being proliferated via fake Adobe Flash Player updates. Due to the dubious methods used to distribute LeadingProtocol, it is also categorized as a PUA (Potentially Unwanted Application).

What is the "FileShare" email?

"FileShare email scam" refers to a spam campaign. These letters claim that several files have been shared with the recipients. It must be emphasized that the "FileShare" emails are fake, and none of their claims are true. Therefore, by trusting these messages, users can experience various severe issues.