Virus and Spyware Removal Guides, uninstall instructions

Cityscapes Browser Hijacker

What kind of software is Cityscapes?

Cityscapes is a browser extension that promises to display browser wallpapers depicting cityscapes and urban skylines. Our researchers found this piece of software while investigating deceptive websites. After analyzing Cityscapes, we learned that it modifies browser settings and promotes (via redirects) the schcm.com fake search engine. Due to this behavior, this extension is classed as a browser hijacker.

   
ElementaryDivision Adware (Mac)

What kind of application is ElementaryDivision?

Our research team found the ElementaryDivision adware while inspecting new submissions to the VirusTotal website. When we examined this piece of software, we determined that it is adware. ElementaryDivision is part of the AdLoad malware family. This application is designed to deliver intrusive ad campaigns.

   
Lqepjhgjczo Ransomware

What kind of malware is Lqepjhgjczo?

Our research team discovered the Lqepjhgjczo ransomware while inspecting new submissions to the VirusTotal platform. This malicious program is part of the Snatch ransomware family. It is designed to encrypt files and demand payment for their decryption.

On our test machine, Lqepjhgjczo encrypted files and appended the ".lqepjhgjczo" extension to their names. For example, a file originally named "1.jpg" appeared as "1.jpg.lqepjhgjczo", "2.png" as "2.png.lqepjhgjczo", etc.

After the encryption was completed, a ransom note with the filename "HOW TO RESTORE YOUR LQEPJHGJCZO FILES.TXT" was created. Based on the message therein, it is evident that this ransomware does not target home users but rather business-oriented entities.

   
ATM Card Email Scam

What kind of email is "ATM Card"?

Our inspection of the "ATM Card" email uncovered that it is spam. The letter claims that the recipient will be sent an ATM card with over three million US dollars on it, and they are asked to provide their personal information for delivery purposes. However, it is possible that this phishing scam will also request bogus payments.

   
BellisPerennis Malicious Extension

What kind of application is BellisPerennis?

The BellisPerennis browser extension came to our attention when our team analyzed a malicious installer sourced from an untrustworthy website. We found that BellisPerennis can perform various actions once added to a browser, including activating the "Managed by your organization" feature in Chrome browsers.

   
Oohu Ransomware

What kind of malware is Oohu?

While examining malware samples submitted to VirusTotal, we encountered a ransomware variant known as Oohu. Oohu is specifically crafted to encrypt files and modify their file names by adding the ".oohu" extension. Additionally, Oohu produces a ransom message named "_readme.txt".

For example, Oohu renames files such as "1.jpg" to "1.jpg.oohu" and "2.png" to "2.png.oohu", and so on. Oohu belongs to the Djvu ransomware family. Often, cybercriminals deploy Djvu ransomware alongside data-stealing malware like RedLine or Vidar.

   
PySilon RAT

What kind of malware is PySilon?

PySilon is a Remote Access Trojan (RAT) written in the Python programming language. Malware within this classification enables remote access and control over infected machines. PySilon is a multi-functional program that can execute various commands on systems and has extensive spyware/data-stealing functionalities.

   
Fish Malicious Extension

What kind of application is Fish?

While analyzing a malicious installer obtained from an untrustworthy website, our team stumbled upon the Fish browser extension. We observed that Fish possesses the capability to execute multiple actions once added. One of its functions includes enabling the "Managed by your organization" feature in Chrome browsers. It is advisable for users to refrain from adding Fish to their browsers.

   
DBatLoader Malware

What kind of malware is DBatLoader?

DBatLoader, also known as ModiLoader, is a malware variant designed to download and run the final payload of common malware operations, typically information-stealing malware or a remote access tool (RAT) like Remcos, Warzone, FormBook, or AgentTesla.

DBatLoader distribution campaigns are often initiated through malicious emails and are notable for their exploitation of cloud services to prepare and fetch supplementary payloads.

   
Burntcigar Malware

What kind of malware is Burntcigar?

Burntcigar is a piece of malware that cybercriminals frequently employ in ransomware attacks, specifically with the Cuba ransomware variant. Burntcigar scans for process names that appear to be associated with well-known antivirus (AV) or endpoint detection and response (EDR) products. It then places the process IDs of the identified processes on the stack so that they can be terminated at a later stage.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
