BugsFighter

Search.bravogol.com is third-party search engine, that installs in Safari, Google Chrome and Mozilla Firefox browsers on Mac OS. It comes along with extension called Bravogol, that modifies browser settings, such as homepage, default search engine and new tab. Add-on also doesn't allow users to revert the changes back. When users types queries in Search.bravogol.com, browser is redirected to search.yahoo.com. After removal of Bravogol from browser, settings remain unchanged. Authors of this hijacker offer removal tool for Search.bravogol.com called Uninstall.dmg on their website, that will, probably, reset the settings. However, we do not recommend downloading additional software from developers of adware and hijackers developers.

AUDIT Ransomware is yet another version of notorious ransomware virus from Crysis-Dharma-Cezar family. Now it adds .AUDIT extension to encrypted files (please, do not confuse with Nessus Pro's report files). This variation of ransomware currently doesn't have decryptor, however, we recommend you to try instructions below to recover affected files. Dharma-AUDIT Ransomware appends suffix, that consists of several parts, such as: unique user's id, developer's e-mail address and, finally, .AUDIT suffix, from which it got its name. The pattern of filename modification looks like this: file called 1.doc will be converted to 1.doc.id-{8-digit-id}.[{email-address}].AUDIT. According to our information, hackers demand $10000 ransom from the victims. Bad news are, that using cryptocurrency and TOR-hosted payment websites makes it almost impossible to track the payee. Besides, victims of such viruses often get scammed, and malefactors don't send any keys even after paying the ransom. Unfortunately, manual or automatic decryption is impossible unless ransomware was developed with mistakes or has certain execution errors, flaws or vulnerabilities. We do not recommend to pay any money to malefactors. However, good news are, that often, after some period of time security specialists from antivirus companies or individual researchers decode the algorithms and release decryption keys or police finds servers and unveils the master keys.

Your Template Finder Toolbar is misleading browser add-on for Google Chrome, Mozilla Firefox or Internet Explorer. It was developed by IAC Applications a.k.a. MindSpark Interactive Network, well-know developer of adware applications and hijacking toolbars. YourTemplateFinder, according to the developers, provides access to design templates for your business, such as PowerPoint templates, website, e-mail and logo templates, business planners and calendars. Along with that, you get toolbar with search box and quick access links to weather and social widgets. Search engine and homepage settings in your browsers are compromised and modified to hp.myway.com.

QuickPDFMerger Toolbar or Quick PDF Merger New Tab is annoying browser hijacker, that infects Safari, Google Chrome, Mozilla Firefox or Internet Explorer on Windows or MacOS. Extension was developed by IAC Applications a.k.a. MindSpark Interactive Network - notorious vendor of toolbars and adware platforms. QuickPDFMerger is add-on, that helps users perform various actions with PDF files, for example, combine several files into one, convert such files into other formats, create slideshows and share files on multiple platforms using different tools. Unfortunately, along with aforementioned features QuickPDFMerger Toolbar does certain modifications with browser settings. It replaces homepage to hp.myway.com and redirects user's search queries to int.search.myway.com, that, presumably, is enhanced and powered by Google, however, provides search results stuffed with sponsored links and excessive advertising.

CryptConsole 3 Ransomware is the successor of CryptConsole and CryptConsole 2 ransomware viruses. This crypto-extortionist encrypts data on servers and PCs using AES, and then requires a ransom of 0.14 BTC (or sometimes $50) to return files. Virus was created on C# for the Microsoft .NET Framework. The third generation of CryptConsole started spreading in June, 2018. Most of variations extort 50$. They offer to decrypt 1 file for free, but the overall cost will then increase on 50$. Mention that CryptConsole 1 and CryptConsole 2 can be decrypted with a tool developed by Michael Gillespie (download below). The third version is currently undecryptable. You can restore files form bacckups, but if you don't have backups, follow instructions below to attmempt restoring files using standard Windows featutes or using file-recovery software.

GandCrab V5.0.5 Ransomware is fifth generation of high-risk GandCrab Ransomware. Probably, this virus was developed in Russia. This crypto-extortor encrypts user and server data using the Salsa20 algorithm, and RSA-2048 is used for auxiliary key encryption. 5-th version appends .[5-random-letters] extension to encrypted files and creates ransom note called [5-random-letters]-DECRYPT.txt. Examples of ransom notes: VSVDV-DECRYPT.html, FBKDP-DECRYPT.html, IBAGX-DECRYPT.html, QIKKA-DECRYPT.html. GandCrab V5.0.5 Ransomware demands $800 ransom in BitCoins or DASH cryptocurrencies for decryption. However, often, malefactors deceive users and don't send keys. Thus, victim won't recover her/his files, but put credentials at risk on doubtful exchange of cryptocurrencies.

MacOSDefender or MacOSDefender.app is malicious application for MacOS, that takes over search and homepage settings in Safari, Google Chrome or Mozilla Firefox. While searching for something, users can see multiple redirects, for example: goto-searchitnow.global.ssl.fastly.net -> my-search.com -> searchroute-1560352588.us-west-2.elb.amazonaws.com -> alphashoppers.co. Some of this web addresses figured in our previous articles, from what we can make a conclusion, that those hijackers have similar roots and, probably, one team of developers.

There are a lot of hijackers, that install Search.yahoo.com (Us.yhs4.search.yahoo.com) as default search engine and homepage. Search engines fight for the market and different companies use various ways to distribute their product. Along with their own browser add-ons Yahoo is partnering with thousands of software developers and webmasters, allowing them to earn by driving traffic and customers to search.yahoo.com website. Developers earn on user clicks on ads inside Yahoo Search or just per each installation of Yahoo search products in browsers.