Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is DOOK?

While reviewing new malware submissions to the VirusTotal platform, we discovered the DOOK ransomware-type program. It is part of the Dharma ransomware family.

On our testing system, DOOK encrypted files and appended their filenames with a unique ID assigned to the victim, the cyber criminals' emails, and a ".DOOK" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.id-9ECFA84E.[Alexdec23@aol.com].DOOK".

After the encryption process was finished, ransom notes were created/displayed in a pop-up window and text file – "README!.txt". Based on the messages therein, it is clear that DOOK targets companies rather than home users. Additionally, this ransomware uses double-extortion tactics.

What kind of application is PrimeVersion?

Upon assessing PrimeVersion, it has become evident that its primary function is to flood users with intrusive advertisements, categorizing it as adware. It is worth emphasizing that such applications are frequently promoted and disseminated through misleading tactics, which can lead users to install them without being aware of it.

What kind of malware is AtlasAgent?

AtlasAgent refers to a Trojan designed for the purpose of acquiring host data and system processes, restricting the simultaneous execution of multiple programs, inserting designated shellcodes, and retrieving files from Command and Control servers. The AtlasAgent Trojan is a DLL application coded in the C++ programming language.

What is "Switch To New Version"?

Following an examination, we have determined that the purpose of this email is to deceive recipients into revealing their personal information. These emails are categorized as phishing attempts, and in this particular scenario, the perpetrators impersonate an email service provider to persuade recipients to divulge sensitive data on a fraudulent page.

What kind of application is ProductionInteractive?

After an evaluation of ProductionInteractive, it has become clear that its main purpose is to inundate users with intrusive advertisements, classifying it as adware. It is important to note that such applications are often promoted and distributed through deceptive methods, leading users to install them unknowingly.

What kind of page is fieryforgekeeper[.]top?

Our research team found the fieryforgekeeper[.]top rogue page while investigating dubious websites. It promotes browser notification spam and redirects users to different (likely unreliable/harmful) sites.

Users predominantly enter pages like fieryforgekeeper[.]top via redirects caused by websites that utilize rogue advertising networks.

What kind of software is Namaste Tab?

Namaste Tab is a browser extension that we discovered while reviewing dubious websites. Our analysis revealed that this extension is browser-hijacking software. It modifies browser settings in order to promote (via redirects) the privatesearchqry.com illegitimate search engine.

What kind of software is BudgetBuddy?

Our research team found the BudgetBuddy browser extension during a routine investigation of suspicious sites. This extension is promoted as a tool that allows users to manage their monthly budget.

However, following our inspection, we determined that BudgetBuddy is a browser hijacker. It makes changes to browser settings in order to promote the uhereugo.com fake search engine.

What kind of email is "WebMail Server Manager"?

Our examination of the "WebMail Server Manager" email revealed that it is malspam. This spam letter informs the recipient that multiple messages have failed to reach their inbox.

Supposedly, the undelivered emails can be found in the attachments. The attached files are identical, and both are designed to infect systems with the Agent Tesla RAT (Remote Access Trojan).

What kind of application is AdAssistant?

AdAssistant is an application that our researchers discovered while inspecting deceptive sites. After investigating this piece of software, we determined that it is adware. Additionally, the installation setup containing AdAssistant was bundled with the Shop and Watch, ChatGPT Check, and NXD Fix rogue browser extensions.