BugsFighter

MacPerformance is malicious application for MacOS, that belongs to OSX Pirrit adware family. It controls settings of Safari, Google Chrome, Mozilla Firefox to create redirects and display ads and pop-ups. It infiltrates Mac computers invisibly or by fraud and starts to generate advertisements, showing phishing pages, encouraging users to download potentially unwanted applications. Sometimes MacPerformance is offered to be installed in a bundle with good applications, and users, confused by the name of the program, think that this is optimisation software for MacOS, and allow installation.

KMSPico is illegal tool for unauthorized activation of Microsoft Windows, Microsoft Office and other products from this corporation. KMS (Key Management System) is technology, used by Microsoft to activate their software and services using local network or remote servers. It allows permanent activation and temporary (180 days) activation, which allows users to prolong unlawful usage of paid products. KMSPico can be categorized as hacktool for using pirated software. However, it is often bundled with RAT (Remote Access Trojan), PUP (potentially unwanted programs), adware or viruses. This allows hackers to obtain user's private information, such as passwords, credit card information and other. Malefactors can also create botnets from computers infected with KMSPico.

Everbe 2.0 Ransomware is second generation of wide-spread Everbe Ransomware. It is file-encryption virus, that encrypts user files using combination of AES (or DES) and RSA-2048 encryption algorithms and then extorts certain amount in BitCoins for decryption. The initial virus first appeared in March, 2018 and was very active since that time. Security researchers consider, that Everbe 2.0 Ransomware started its distribution on 4th of July 2018. Everbe 2.0 Ransomware authors demand from $300 to $1500 in BTC (BitCoins) for decryption, but offer to decrypt any 3 files for free. It is worth mentioning, that Everbe 2.0 Ransomware works only on Windows 64-bit versions of OS. Currently, there is no decryption tools available for Everbe 2.0 Ransomware, however, we recommend you to try using instructions and tools below.

GandCrab V4 Ransomware fourth generation of notorious GandCrab Ransomware. Virus uses complex combination of AES-256 (CBC-mode), RSA-2048 and Salsa20 encryption algorithms. This particular version adds .KRAB extension to encrypted files and creates slightly different ransom note called KRAB-DECRYPT.txt. GandCrab V4 Ransomware demands ransom in BitCoins. Usually, it varies from $200 to $1000. Malware encrypts all types of files except ones in the whitelist and some necessary for Windows operation. All photos, documents, videos, databases get exncrypted after indection. Virus uses WMIC.exe shadowcopy delete command to remove shadow copies and reduce the chances of recovery. Unfortunately, at the moment we write this article, current decryption tools cannot decrypt GandCrab V4 Ransomware, but we will still provide links to this utilities as they can be updated any day.

Bing.com is legitimate search engine, that belongs to Microsoft Corporation, provides great search results and can be used as homepage and default search engine in Google Chrome, Mozilla Firefox, Safari, Opera, Edge and Internet Explorer. It is the third biggest search engine in USA. However, its domain name, design and search results are exploited by indecent search partners, that use it for their own selfish purposes. Such affiliates create multiple browser extensions and domains, like SearchModule, Search Protection, Bing.Vc, BingProtect to take control over browser search engine and homepage settings and redirect users to Bing.com. Malefactors earn on advertising comission from original Bing.com search, but use unethical methods to infiltrate computers. In this article we will mostly describe the cases of malware infection that causes redirects to Bing.com and methods to remove them.

Spyder-finder.com is unsafe search engine, that, with help of browser extension Spyder Finder, seizes control over browser settings in Safari and Google Chrome on MacOS. Hijacker originates from Israel. It replaces homepage and default search engine settings, redirects searches to https://www.webcrawler.com. This is well-known advertising third-party search engine associated with numerous hijackers. Homepage of Spyder-finder.com resembles famous search engines, has quick access shortcuts for famous shopping sites and link to a landing page of potentially unwanted CleanMyMac application.

Qweuirtksd Ransomware is dangerous ransomware-type virus, that encrypts user files using AES-128 cryptography algorithm and demands $500 ransom in Bitcoins for decryption. All files encrypted by this malware receive .qweuirtksd extension. In most cases, Qweuirtksd Ransomware is initiated after manual (or semi-automatic) hacking of the computer. Attacks are coming from IP adresses in Russia, and according to the information on BleepingComputer forum malefactors are russians. Hackers offer to negotiate to reduce ransom amount for private users. We do not recommend to pay the ransom and attempt restoring encrypted files with help of instructions on this page.

Searchpage.com and SearchPage Tab is are, respectively, dubiuos search engine and browser add-on, that modifies search engine and homepage settings in Safari, Google Chrome, Mozilla Firefox and other browsers. It is also responsible for display of ads, pop-ups and notifications from Searchpage.com. This hijacker was developed by Iron Mountain Technology Limited, with headquaters situated in Hong Kong, as it is stated on their website. The site has a purely advertising purposes, having no value to the end user. Search requests typed in search box on the main page are redirected to search.yahoo.com.