Virus and Spyware Removal Guides, uninstall instructions

What kind of application is CumulusFractus?

While analyzing an untrustworthy installer obtained from an unreliable website, we came across the CumulusFractus browser extension. Our investigation revealed troubling attributes linked to this application, such as its capacity to enable the "Managed by your organization" feature in the Chrome browser, collect data, and manage browser components.

What kind of malware is ReadText?

Our research team found the ReadText ransomware while inspecting new submissions to the VirusTotal platform. This malicious program is part of the MedusaLocker ransomware family.

ReadText operates like standard ransomware. It encrypted the files on our test machine. Original filenames were appended with a ".readtext4" extension; note that the number may vary depending on the ransomware variant. For example, a file initially titled "1.jpg" appeared as "1.jpg.readtext4", "2.png" as "2.png.readtext4", etc.

Afterward, a ransom-demanding message named "How_to_back_files.html" was dropped. Based on this note, it is evident that ReadText targets companies and utilizes double-extortion tactics.

What is "JPMorgan Chase Online Security Department"?

Upon investigation, it has been determined that the intent of this email is to deceive recipients into sharing their personal information. The scammers behind this email pose as representatives from the JPMorgan Chase online security department, aiming to deceive recipients into providing the requested information on the fraudulent form attached to the email.

What kind of malware is Meduza?

Meduza is a ransomware variant (belonging to the MedusaLocker family) that has been discovered during analysis of malware samples submitted to the VirusTotal page. The purpose of Meduza is to encrypt files. Also, it appends its extension (".meduza24" or similar) to filenames and creates a ransom note ("How_to_back_files.html").

An example of how files encrypted by Meduza are renamed: "1.jpg" is changed to "1.jpg.meduza24", "2.png" to "2.png.meduza24", and so forth.

What is "Microsoft Ending Promotion Award"?

After reviewing this email, it has come to our attention that it is a fraudulent message falsely claiming to be from Microsoft. The scammers behind this scam are trying to deceive recipients by claiming they have won a large amount of money. Their objective is to entice recipients to share personal information and potentially send money.

What kind of malware is Mzre?

While analyzing malware samples uploaded to VirusTotal, we encountered Mzre, a ransomware variant linked to the Djvu family. Mzre encrypts files, appends the ".mzre" extension to their filenames, and generates a ransom note ("_readme.txt").

An illustration of how Mzre alters filenames involves changing "1.jpg" to "1.jpg.mzre", "2.png" to "2.png.mzre" and so on. It is important to note that Mzre, as part of the Djvu ransomware family, may be disseminated alongside information-stealing malware like Vidar and RedLine.

What kind of app is Go Blocker?

While scrutinizing the Go Blocker browser extension, we observed its tendency to showcase bothersome advertisements, which categorizes it as adware. Additionally, Go Blocker possesses the capability to access and modify various data. As a result, users are advised not to place trust in this application and should promptly remove it from their affected browsers.

What kind of software is Fetchzilla?

Fetchzilla is an adware-type browser extension that our researchers discovered while investigating suspicious websites. It is promoted as a tool that simplifies media (e.g., image) download off the Web. However, this extension runs intrusive advertisements instead. In other words, Fetchzilla feeds users with unwanted and deceptive ads.

What kind of software is Literature News on New Tab?

Literature News on New Tab is a browser extension that promises easy access to the latest news on literature. Our inspection of this extension revealed that it is browser-hijacking software. Literature News on New Tab modifies browser settings to generate redirects.

What kind of application is ProgramProcessor?

Our research team found the ProgramProcessor app during a routine check on new file submissions to the VirusTotal site. After inspecting this application, we determined that it is advertising-supported software (adware). ProgramProcessor is part of the AdLoad malware family.