Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Zput?

During routine malware analysis, our research team discovered the Zput ransomware. This malicious program is part of the Djvu ransomware family. Zput is designed to encrypt files and demand ransoms for their decryption.

On our test machine, this ransomware appended the names of encrypted files with a ".zput" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.zput", "2.png", as "2.png.zput", and so forth. Afterward, a ransom note titled "_readme.txt" was dropped.

It is noteworthy that Djvu infections are commonly accompanied by RedLine, Vidar, or other data-stealing malicious programs.

What kind of malware is Zpas?

While investigating malware samples, our research team discovered yet another Djvu ransomware called Zpas. Malware within this classification is designed to encrypt data and demand ransoms for its decryption.

After we executed a sample of Zpas on our testing system, this ransomware encrypted files and appended their filenames with a ".zpas" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.zpas", "2.png" as "2.png.zpas", etc. After this process concluded, a ransom note titled "_readme.txt" was created.

It is noteworthy that Djvu ransomware often arrives onto systems alongside information-stealing programs such as Vidar, RedLine, or others.

What kind of page is hokarsoud[.]com?

Hokarsoud[.]com is a rogue webpage designed to push browser notification spam and lead users to other (likely unreliable/dangerous) sites.

Most visitors to hokarsoud[.]com and pages akin to it access them through redirects generated by websites that utilize rogue advertising networks. Our researchers discovered this webpage during a routine investigation of sites that use these networks.

What kind of software is Web Ace Tab?

Web Ace Tab is a rogue browser extension that our research team found during a routine inspection of unreliable websites. While this piece of software promises to display abstract browser wallpapers, it also modifies certain settings to promote (via redirects) the webacetab.com fake search engine. Additionally, this extension spies on users' browsing activity. This behavior classifies Web Ace Tab as a browser hijacker.

What kind of email is "Security Information"?

Our examination of the "Security Information" email revealed that it is spam promoting a phishing scam. This mail falsely claims that the recipient's email account password is about to expire, thus tricking them into disclosing this sensitive information.

What kind of email is "You Have Received Attached Document"?

The "You Have Received Attached Document" spam email is disguised as a notification regarding a sent file. The alleged attachment is a document concerning a contract. This phishing mail aims to obtain recipients' email account log-in credentials.

What kind of malware is Mad Cat?

Mad Cat is a ransomware-type program discovered by our researchers during a routine inspection of new submissions to the VirusTotal platform. Malware within this classification operates by encrypting files to demand payment for its decryption.

On our test machine, Mad Cat encrypted files and altered their filenames. Original names were appended with an extension consisting of four random characters, e.g., a file titled "1.jpg" appeared as "1.jpg.6psf", "2.png" as "2.png.jwni", etc. After this process was concluded, the desktop wallpaper was changed, and a ransom note titled "HACKED.txt" was created.

What kind of email is "PCRF"?

It is common for scams promoted through spam campaigns to take advantage of ongoing crises, and this "PCRF" email is no exception. This mail's backdrop is the 2023 Israel–Hamas war, and the email is presented as a donation request from Palestine Children's Relief Fund (PCRF).

It must be stressed that this spam mail is in no way associated with the actual non-governmental and nonprofit organization. Hence, by transferring cryptocurrency to the provided wallet – the recipient will be sending their funds to scammers.

What kind of software is Art Tab Club?

Art Tab Club is a rogue extension that promises to display artistic or art-depicting browser wallpaper. However, this piece of software is actually a browser hijacker. It changes browser settings to endorse (through redirects) the arttabclub.com fake search engine. It must be mentioned that this browser extension has data-tracking functionalities as well.

What kind of email is "HSBC - Payment Swift Copy"?

After analyzing the "HSBC - Payment Swift Copy" email, we determined that it is spam. Presented as a notification from HSBC regarding a payment, this letter aims to deceive recipients into providing their email account log-in credentials (passwords) to a phishing website.