Virus and Spyware Removal Guides, uninstall instructions

StandartPartition Adware (Mac)

What kind of application is StandartPartition?

Our analysis found that this app functions as adware. Once installed, StandartPartition displays intrusive advertisements that promote questionable content. The app may also be able to access and collect personal information, so it is advisable to avoid using it.

   
Ldhy Ransomware

What kind of malware is Ldhy?

While examining malware samples submitted to VirusTotal, we determined that Ldhy is a ransomware variant linked to the Djvu family. Ldhy encrypts files and appends its extension (".ldhy") to the filenames. For instance, it transforms "1.jpg" into "1.jpg.ldhy", "2.png" into "2.png.ldhy", and so forth.

Additionally, Ldhy creates a text file named "_readme.txt" as a ransom note containing payment instructions and contact details. It is important to highlight that Djvu ransomware attacks often incorporate information stealers like Vidar or RedLine.

   
Ssj4.io Redirect

What kind of website is ssj4.io?

While investigating deceptive websites, our team uncovered an installation package containing a dubious application that compels users to visit ssj4.io, a questionable search engine. Typically, browser-hijacking programs modify browser settings to promote such sites. In this case, the app abstained from altering any settings. Also, it employed a persistence mechanism, complicating the removal process.

   
Fastbackdata Ransomware

What kind of malware is Fastbackdata?

While investigating new submissions to VirusTotal, our researchers discovered the Fastbackdata ransomware. It is designed to encrypt data and demand ransoms for its decryption. This malicious program belongs to the Phobos ransomware family.

Fastbackdata encrypted files and changed their filenames on our testing system. Original filenames were appended with a unique ID assigned to the victim, the attackers' email address, and a ".fastbackdata" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3511].[fastbackdata@skiff.com].fastbackdata".

Once the encryption process was completed, this ransomware created two ransom notes – "info.hta" (pop-up) and "info.txt" – and dropped them onto the desktop and into all encrypted directories. Based on these messages, it is evident that Fastbackdata targets companies rather than home users.

   
New24 Ransomware

What kind of malware is New24?

Through our analysis of the malware, we determined that New24 is ransomware belonging to the Phobos family. We discovered New24 while checking the samples submitted to VirusTotal. Once activated, New24 encrypts data and demands payment for its decryption (it presents two ransom notes, "info.hta" and "info.txt").

Additionally, New24 appends the victim's ID, an email address, and the ".new24" extension to filenames. For example, it renames "1.jpg" to "1.jpg.id[9ECFA84E-3449].[decrypt2024@skiff.com].new24", "2.png" to "2.png.id[9ECFA84E-3449].[decrypt2024@skiff.com].new24", and so forth.

   
CrackedCantil Malware

What kind of malware is CrackedCantil?

CrackedCantil is a dropper malware designed to distribute a variety of malicious software, encompassing loaders, information stealers, cryptocurrency miners, proxy bots, and ransomware. The primary method of disseminating this malware involves leveraging cracked software on dubious websites or forums.

   
DominantGeneration Adware (Mac)

What kind of application is DominantGeneration?

During our examination, we observed that DominantGeneration exhibits characteristics typical of adware. Once installed, it begins displaying intrusive advertisements, which is why it is classified as adware. It is worth noting that such software often collects diverse data.

   
Abelectivirean.com Ads

What kind of page is abelectivirean[.]com?

Our researchers discovered abelectivirean[.]com during a routine investigation of suspicious sites. Upon inspection, we determined that this rogue webpage promotes browser notification spam. Additionally, it can redirect visitors to other (likely unreliable/harmful) websites.

Users primarily access pages like abelectivirean[.]com through redirects caused by sites that use rogue advertising networks.

   
ExtendedCommand Adware (Mac)

What kind of application is ExtendedCommand?

ExtendedCommand is an adware-type app discovered by our research team during a routine inspection of file submissions to VirusTotal. This advertising-supported software is part of the AdLoad malware family.

ExtendedCommand is designed to generate revenue for its developers by serving users undesirable and potentially malicious ads.

   
Jastugoa.top Ads

What kind of page is jastugoa[.]top?

Our researchers discovered the jastugoa[.]top rogue page while investigating questionable websites. It operates by promoting questionable content and spam browser notifications. Furthermore, this webpage can redirect users elsewhere (likely unreliable/malicious sites).

The majority of visitors to jastugoa[.]top and similar pages enter them through redirects generated by websites utilizing rogue advertising networks.

   
