Virus and Spyware Removal Guides, uninstall instructions

SharedProjector Adware (Mac)

What kind of application is SharedProjector?

SharedProjector is a rogue application discovered by our researchers during a routine check on new submissions to VirusTotal. Following our analysis, we determined that this app is advertising-supported software (adware) from the AdLoad malware family.

   
GallantBounce Adware (Mac)

What kind of application is GallantBounce?

We discovered the GallantBounce adware-type app while investigating new file submissions to the VirusTotal site. This piece of software is part of the AdLoad malware family. GallantBounce runs intrusive ad campaigns, and it may have additional harmful capabilities.

   
RA World Ransomware

What kind of malware is RA World?

Our researchers found the RA World ransomware during a routine inspection of file submissions to the VirusTotal platform. Ransomware operates by encrypting files in order to demand payment for their decryption.

On our testing system, RA World encrypted files and appended a ".RAWLD" extension to their filenames. Hence, a file initially named "1.jpg" appeared as "1.jpg.RAWLD", "2.png" as "2.png.RAWLD", etc. After the encryption was completed, a ransom-demanding message titled "Data breach warning.txt" was created. Based on the text therein, it is evident that this ransomware employs double extortion tactics.

   
DarkiTon Adware

What kind of software is DarkiTon?

Our research team discovered the DarkiTon browser extension while investigating suspect websites. This piece of software is promoted as a tool for websites that enables dark mode with a blue light filter.

After analyzing this extension, we determined that it is adware with browser hijacker capabilities. DarkiTon is designed to run intrusive ad campaigns and generate redirects. Furthermore, it collects sensitive user information.

   
MediaService Malware

What kind of application is MediaService?

Our assessment reveals that MediaService is a potentially harmful application distributed through a malicious installer. The installation of MediaService occurs simultaneously with various other undesirable components. Users are advised to remove MediaService and all related files as soon as possible.

   
Xro Ransomware

What kind of malware is Xro?

Our researchers found the Xro ransomware while reviewing new malware submissions to the VirusTotal platform. This malicious program is part of the Xorist ransomware family.

After we launched a sample of Xro on our test system, it encrypted files and altered their names. A ".xro" extension was appended to the original filenames, e.g., a file titled "1.jpg" appeared as "1.jpg.xro", "2.png" as "2.png.xro", and so forth for all of the affected files.

Once the encryption was complete, identical ransom notes were displayed in a pop-up window and created in a text file named "HOW TO DECRYPT FILES.txt". Based on the message therein, it is likely that this ransomware is still in development since there is a lack of critical information.

   
Agent Racoon Malware

What kind of malware is Agent Racoon?

Agent Racoon is a malicious program written using the .NET framework. It is classed as a backdoor; malware within this classification is designed to open a "backdoor" into targeted systems. These programs are typically used in the initial phases of multi-stage infections.

The first instances of Agent Racoon were discovered in July 2022; however, a C&C (Command and Control) domain associated with its infections was registered back in August 2020.

This backdoor, alongside other malware, has been observed in attacks against organizations based in the Middle East, Africa, and the United States. Agent Racoon, specifically, was utilized in infections targeting governmental entities and non-profit organizations. There is evidence suggesting that these attacks could have been carried out by a state-backed threat actor.

   
DHL Unpaid Duty Email Scam

What is "DHL Unpaid Duty"?

During our evaluation, it has come to light that this email is a fraudulent attempt masquerading as a notification from DHL, a reputable logistics company. The individuals orchestrating this scam intend to deceive recipients into accessing a counterfeit website and divulging personal information. Such deceptive emails fall under the category of phishing emails.

   
Elpy Ransomware

What kind of malware is Elpy?

While conducting regular analysis of malware samples submitted to VirusTotal, we discovered a ransomware variant dubbed Elpy. It belongs to the Phobos family and is designed to encrypt files, modify filenames, and provide two ransom notes. Elpy appends the victim's ID, the ambu.lance@tuta.io email address, and the ".elpy" extension to filenames.

For instance, it renames "1.jpg" to "1.jpg.id[9ECFA84E-3352].[ambu.lance@tuta.io].elpy", "2.png" to "2.png.id[9ECFA84E-3352].[ambu.lance@tuta.io].elpy", and so forth. The ransom notes created by Elpy are named "info.txt" and "info.hta".

   
Ourhugenewz.com Ads

What kind of page is ourhugenewz[.]com?

During a routine investigation of dubious sites, our research team discovered ourhugenewz[.]com. Upon inspection, we determined that this is a rogue webpage that promotes browser notification spam and is capable of redirecting visitors to other (likely untrustworthy/dangerous) websites.

The majority of users access sites like ourhugenewz[.]com through redirects generated by pages that utilize rogue advertising networks.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
