Virus and Spyware Removal Guides, uninstall instructions

What is Dark Mode Online?

While inspecting dubious download webpages, our researchers discovered the Dark Mode Online browser extension. After analyzing Dark Mode Online, we determined that it operates as advertising-supported software (adware).

What is Common Search?

While inspecting questionable download webpages, our research team discovered the Common Search browser extension. Our analysis of this piece of software revealed that it operates as a browser hijacker. Common Search changes browser settings to promote the search.common-search.com fake search engine.

What is VantageReservation?

VantageReservation is a piece of rogue software that our researchers discovered while inspecting new submissions to VirusTotal. Our analysis of this app revealed that it is adware belonging to the AdLoad malware family.

What is Jenny ransomware?

Discovered by the MalwareHunterTeam, Jenny is a piece of malicious software classified as ransomware. Programs within this classification encrypt victims' data and demand payment for the decryption.

When we launched a sample of Jenny on our test system, it encrypted files and appended their filenames with a ".JENNY" extension, e.g., a file titled "1.jpg" appeared as "1.jpg.JENNY", "2.png" as "2.png.JENNY", etc. Afterwards, this ransomware changed the desktop wallpaper and displayed a pop-up window.

However, Jenny does not make any demands, nor do its notes contain any contact information. Therefore, it is unclear whether this is because the program was released for testing purposes or due to the developers' ineptitude.

What is Toll Fraud malware?

"Toll Fraud" malware refers to a specific category of malicious software targeting the Android Operating Systems (OSes). Apps within this classification aim to stealthily sign-up victims to various premium services, thus racking up their phone bills.

What kind of application is Extra Search?

We have discovered the Extra Search application while examining shady websites. After analyzing the app, we found that it is a browser hijacker. Extra Search modifies some of the settings of a web browser by changing them to search.extra-searches.com (a fake search engine).

What kind of page is subscribe-notifications[.]com?

While inspecting dubious websites, our researchers discovered the subscribe-notifications[.]com site. It promotes spam browser notifications and redirects visitors to other (likely unreliable and malicious) webpages.

Most users enter subscribe-notifications[.]com and sites akin to it through redirects caused by pages using rogue advertising networks.

What kind of application is ExplorerTrusted?

Our team has discovered ExplorerTrusted during an analysis of deceptive websites claiming that it is required to update the Adobe Flash Player (encouraging to download a fake installer). It was found that the purpose of ExplorerTrusted is to generate advertisements. Therefore, we categorized it as adware.

What kind of malware is Lux?

Lux is ransomware belonging to the Chaos ransomware family. Our team has discovered this ransomware while checking the VirusTotal page for recently submitted malware samples. We found that Lux renames files and appends the ".lux" extension to filenames. Also, it changes the desktop wallpaper and drops the "read_it.txt" file (a ransom note).

An example of how Lux modifies filenames: it renames "1.jpg" to "1.jpg.lux", "2.png" to "2.png.lux", "3.exe" to "3.exe.lux", and so forth.

What is ExploreTransaction?

During a routine inspection of new submissions to VirusTotal, our research team discovered the ExploreTransaction application. After analyzing this app, we determined that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family.