Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Ppvw?

During our analysis of malware samples uploaded to VirusTotal, we came across the Ppvw ransomware, which is affiliated with the Djvu malware family. When a computer is infected with Ppvw, it encrypts files and appends the ".ppvw" extension to their file names. For instance, "1.jpg" is transformed into "1.jpg.ppvw" and "2.png" is changed to "2.png.ppvw".

In addition to file encryption, Ppvw generates a ransom note (it creates a file named "_readme.txt"). Furthermore, the distribution of Ppvw may involve information-stealing malware like Vidar and RedLine.

What kind of software is Website Security Scanner?

Website Security Scanner is endorsed as a tool that scans visited websites and verifies their safety based on over fifty databases. Our researchers discovered this browser extension during a routine inspection of rogue sites.

After examining this piece of software, we determined that it is adware. Website Security Scanner delivers intrusive advertisement campaigns and spies on users' browsing activity.

What kind of software is Art New tabs?

While investigating suspicious sites, our researchers discovered the Art New tabs browser extension. It modifies browser settings to endorse (via redirects) the goog.artnewtabs.com fake search engine. This extension also spies on users' browsing activity. This behavior classifies Art New tabs as a browser hijacker.

What kind of malware is BlackDream?

While investigating new malware submissions to VirusTotal, our research team discovered the BlackDream ransomware-type program. Software within this classification encrypts data in order to demand payment for its decryption. On our test system, BlackDream encrypted files and modified their filenames.

Original titles were appended with a unique ID, the cyber criminals' email address, and a ".BlackDream" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.[9ECFA84E].[Blackdream01@zohomail.eu].BlackDream". Once this process was completed, a ransom note titled "ReadME-Decrypt.txt" was dropped.

What kind of software is Dark Home?

Dark Home is an extension that promises to display "dark aesthetic" browser wallpapers and motivational/inspirational quotes. Our researchers found this piece of software while reviewing suspicious websites.

After examining Dark Home, we determined that it is a browser hijacker. This extension makes changes to browser settings in order to promote (through redirects) the search.dark-home-page.com fake search engine.

What kind of malware is Jarjets?

During a routine investigation of new file submissions to the VirusTotal site, our researchers discovered the Jarjets ransomware. It is designed to encrypt files and demand payment for its decryption.

On our test machine, this ransomware encrypted files and changed their filenames. Original titles were appended with a ".Jarjets" extension, e.g., a file named "1.jpg" appeared as "1.jpg.Jarjets", "2.png" as "2.png.Jarjets", etc. After this process was finished, a ransom note titled "Jarjets_ReadMe.txt" was created.

What kind of software is DodoIneptus?

Our research team discovered an installation setup containing the DodoIneptus malicious extension while investigating suspect websites. It can manage and manipulate browsers. This piece of software also has data-tracking abilities. The presence of DodoIneptus on browsers endangers user privacy and may lead to further infections.

What kind of malware is StripedFly?

StripedFly is a sophisticated cross-platform malware framework. It targets Windows and Linux operating systems. This software is modular, i.e., it downloads modules for additional functionality.

StripedFly utilizes extensive anti-detection capabilities that have contributed to its initial misidentification as a cryptocurrency miner. While this malware does have cryptominer abilities, its functionalities are far broader.

StripedFly first came into prominence in 2022; however, its use of an exploit known since 2017 suggests that this program might have been around for quite a lot longer.

It is noteworthy that StripedFly uses legitimate code repositories to host and retrieve content, e.g., Bitbucket, GitHub, and GitLab. Download tracking provided by Bitbucket indicated that certain files associated with this malware were downloaded in the 50-150 thousand range. The numbers from this repository alone show that StripedFly has had a wide outreach.

What kind of malware is GoPIX?

GoPIX is a malicious program targeting the Pix instant payment platform. Essentially, this malware operates as a clipper designed to reroute transactions made through the Pix platform. It does also work as a more standard clipper, i.e., the program likewise targets cryptocurrency transactions.

GoPIX has been around since at least December 2022. As Pix was created and managed by the Central Bank of Brazil (BCB), its user base naturally consists of Brazil's citizens. Therefore, GoPIX activity is almost exclusive to Brazil.

What kind of software is Equidae?

Equidae is a malicious extension compatible with Google Chrome and Microsoft Edge. This software can manipulate and manage browsers, and these functionalities can be used for a variety of harmful activities. Additionally, this browser extension collects vulnerable information.

Our research team discovered an installation setup containing Equidae on a deceptive webpage found during a routine investigation of untrustworthy sites.