Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is SpotifyxBiden?

Our researchers discovered the SpotifyxBiden ransomware while inspecting new malware submissions to the VirusTotal site. This malicious program is based on the Chaos ransomware. SpotifyxBiden is designed to encrypt data and demand ransoms for its decryption.

On our test machine, the ransomware added the ".spotifyxbiden" to the titles of encrypted files. For example, a file initially named "1.jpg" appeared as "1.jpg.spotifyxbiden", "2.png" as "2.png.spotifyxbiden", and so on.

After the encryption process was finished, SpotifyxBiden changed the desktop wallpaper and dropped a ransom-demanding message titled "read_it.txt".

What kind of email is "Deceased Relative"?

Our inspection of the "Deceased Relative" email revealed that it is spam. This phishing mail is presented as a letter from an attorney who had represented the recipient's deceased relative. As the next of kin, the recipient is supposedly entitled to a large sum.

Spam emails of this kind target personally identifiable information and may trick victims into transferring money to the scammers.

What is MelursusUrsinus?

During our examination of a malicious installer downloaded from a shady website, we encountered the MelursusUrsinus browser extension. Our team learned that it is a malicious extension that can activate the "Managed by your organization" feature within the Chrome browser, gather various data, and manage certain browser components.

What kind of application is GeneralAccess?

After reviewing GeneralAccess, our team has determined that its primary function is to deliver intrusive advertisements to users, categorizing it as adware. It is worth highlighting that similar apps to GeneralAccess are frequently promoted and distributed through deceptive means. Thus, users install them inadvertently.

What kind of software is fake Google Drive extension?

While investigating dubious websites, our research team found a deceptive page promoting an installer containing this fake Google Drive browser extension. This piece of malicious software has data-stealing capabilities, and it can display spam browser notifications.

It must be emphasized that this extension is fake, and it is in no way associated with the actual Google Drive file storage and synchronization service or its developer – Google.

What kind of malware is ValleyFall?

ValleyFall is the name of spyware, malicious software designed to secretly gather information from a victim's computer or device without their knowledge. Additionally, ValleyFall can infect computers with a RAT component primarily designed for password theft and keylogging on infected computers.

What is "Documents And Funds Have Been Credited"?

Upon conducting a comprehensive examination, our team has determined that the purpose of this email is to deceive recipients into divulging their personal information. Emails of this kind are categorized as phishing attempts. In this case, scammers aim to lure recipients into entering sensitive details via the attached file.

What kind of application is GeneralExplorer?

Following an analysis of GeneralExplorer, our team has established that its primary purpose is to deliver intrusive advertisements to users, classifying it as adware. It is important to emphasize that apps akin to GeneralExplorer are often promoted and distributed through deceptive methods.

What kind of malware is Wwhu?

While examining malware samples using the VirusTotal platform, we encountered the Wwhu ransomware, which belongs to the Djvu family. Once it gains access to a computer, this ransomware encrypts data and adds the ".wwhu" extension to file names. As an example, it renames "1.jpg" to "1.jpg.wwhu" and "2.png" to "2.png.wwhu".

Wwhu also generates a ransom note, a text document named "_readme.txt". Furthermore, the distribution of Wwhu may include other types of malware explicitly crafted for data theft, such as Vidar or RedLine.

What is CumulonimbusIncus?

While investigating a malicious installer, we came across CumulonimbusIncus and its concerning behavior as a browser extension. This behavior encompassed activating the "Managed by your organization" feature within the Chrome browser, collecting diverse data, and monitoring specific components of the browser.