Virus and Spyware Removal Guides, uninstall instructions

What is Adblock Web?

Adblock Web is a rogue browser extension that we discovered while inspecting suspicious websites. It promises to block advertisements, but instead of blocking them - this extension displays ads. Hence, Adblock Web is classified as advertising-supported software (adware).

What is FractionControl?

FractionControl is a rogue app that our research team discovered while inspecting new submissions to VirusTotal. Our inspection of this application revealed that it operates as adware. It is pertinent to mention that FractionControl is part of the AdLoad malware family.

What kind of email is "Netflix - We've Suspended Your Membership"?

After inspecting the "Netflix - We've Suspended Your Membership" email, we determined that it is fake. This spam letter informs recipients that their Netflix membership has been suspended, and the payment information needs to be renewed to prevent the subscription from expiring. By using these fake claims, the email attempts to trick users into providing their account log-in credentials to a bogus Netflix website.

What kind of page is mydailysecurityguard[.]site?

We examined mydailysecurityguard[.]site and found that this page runs the "Norton Security - Your PC might be infected with viruses!" scam and asks for permission to show shady notifications. We encountered this site while inspecting pages that use rogue advertising networks. Users do not visit websites like mydailysecurityguard[.]site intentionally.

What kind of malware is MEOW?

MEOW is ransomware based on other ransomware called CONTI. MEOW encrypts files and appends the ".MEOW" extension to their filenames. It also drops the "readme.txt" file (a ransom note). An example of how MEOW ransomware modifies filenames: it renames "1.jpg" to "1.jpg.MEOW", "2.png" to "2.png.MEOW", and so forth.

What kind of malware is Doenerium?

Doenerium is an information stealer masquerading as Windows Malicious Software Removal Tool. This malware targets cryptocurrency wallets, Internet browsers, clipboard data, and system information. Also, the malware author uses Doenerium to mine cryptocurrency on computers attacked by threat actors distributing this malware.

What is OBZ ransomware?

While inspecting new submissions to VirusTotal, our researchers discovered the OBZ ransomware-type program that is identical to U2K and MME.

After we executed a sample of OBZ on our testing system, it encrypted files and appended their filenames with a ".OBZ" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.OBZ", "2.png" as "2.png.OBZ", and so on.

Once this process was completed, a ransom note - "ReadMe.txt" - was created. It is noteworthy that on our test system, OBZ ransomware's process on Windows Task Manager appeared as "Traffic Light" (however, the name may vary).

What kind of page is filedownloader[.]cloud?

Filedownloader[.]cloud is a shady website designed to download an installer that installs potentially malicious applications. Our team discovered filedownloader[.]cloud while inspecting pages that use rogue advertising networks (e.g., illegal movie streaming pages, torrent sites). Users do not normally visit sites like filedownloader[.]cloud on purpose.

What kind of malware is PUTIN?

PUTIN is ransomware belonging to the CONTI family. It prevents victims from accessing data by encrypting it. Also, PUTIN appends the ".PUTIN" extension to the filenames of all encrypted files and drops the "README.txt" file that contains contact information.

An example of how PUTIN ransomware renames encrypted files: "1.jpg" to "1.jpg.PUTIN", "2.png" to "2.png.PUTIN", and so forth.

What kind of application is AdvancedHelper?

Our team tested the AdvancedHelper application and found that it operates as adware - it displays annoying advertisements. It is uncommon for advertising-supported software to be downloaded and installed knowingly. We discovered AdvancedHelper on a deceptive page.