Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is GKICKG?
Our research team found GKICKG ransomware while browsing file submissions to the VirusTotal website. Ransomware operates by encrypting data and demanding ransoms for its decryption.
On our test machine, this malicious program encrypted files and added ".{victim's_ID}.GKICKG" to their names. For example, a file originally titled "1.jpg" appeared as "1.jpg.{FFE2FECE-1A8A-EBC5-3CA4-12479033427D}.GKICKG" following encryption.
Once this process was completed, GKICKG dropped a ransom note in a text file named "README.TXT". Based on the message therein, it is evident that this ransomware targets companies as opposed to home users.

What is "TotalAV - You Recently Visited Compromised Websites"?
We have inspected the site and concluded that it hosts a pop-up scam. These scams usually involve fake warnings/alerts or use other scare tactics to trick users into taking certain actions. None of the claims presented on these pages are true. It is best to close such pages and never visit them again.

What kind of malware is MassJacker?
MassJacker is a cryptojacking malware. The purpose of this malware is to steal cryptocurrency. It is likely distributed and utilized by multiple threat actors, suggesting that MassJacker may operate as a malware-as-a-service (MaaS). Users who suspect their computers may be infected should immediately eliminate the malware to avoid monetary loss.

What kind of malware is Squidoor?
Squidoor is a backdoor-type malware that targets Windows and Linux OSes (Operating Systems). Programs within this classification open "backdoors" into targeted machines to prep them for further infection, and some can even download/install payload malware.
Squidoor has been around since at least the spring of 2023. This malicious program has been utilized in cyber-espionage campaigns targeting entities in governmental, defense, education, telecommunication, and other high-sensitivity spheres throughout Southeast Asia and South America. There is some evidence linking this activity to a threat actor based in China.

What kind of page is light-app[.]monster?
During our inspection, we found that light-app[.]monster provides links leading to malicious downloads and requests permission to show notifications. This page should be avoided and should not be allowed to send notifications, as it can expose users to various online threats, including scams and malware.

What kind of page is swaprotocol[.]xyz?
In our analysis of swaprotocol[.]xyz, we discovered that this page uses clickbait to receive permission to show notifications. Once visited, the site displays deceptive content. Users should avoid visiting swaprotocol[.]xyz and never agree to receive notifications from such websites.

What kind of malware is Zsszyy?
Zsszyy is ransomware our team discovered while inspecting malware samples submitted to VirusTotal. It is identical to other ransomware known as Tianrui, Hush, and MoneyIsTime. Zsszyy's purpose is to encrypt files. It also appends the victim's ID and the ".zsszyy" extension to filenames and drops a ransom note named "README.TXT".
Here is an example of how files encrypted by Zsszyy are renamed: "1.jpg" is changed to "1.jpg.{9D6FCEEF-BE11-F143-914B-5F2CBAAA094E}.zsszyy" and "2.png" to "2.png.{9D6FCEEF-BE11-F143-914B-5F2CBAAA094E}.zsszyy".

What kind of malware is Bee RAT?
Bee RAT is a Remote Access Trojan that allows cybercriminals to perform malicious activities on infected devices. With Bee RAT, threat actors can access and control infected devices remotely. RATs are usually employed to steal sensitive information, deploy additional payloads, or for other malicious purposes.

What kind of page is newsandads[.]top?
While browsing questionable websites, our research team discovered newsandads[.]top. This rogue page promotes browser notification spam and redirects visitors to other (likely untrustworthy/dangerous) sites.
Most users access newsandads[.]top and analogous webpages via redirects caused by websites that utilize rogue advertising networks.

What kind of page is highlevelnetwork.co[.]in?
Highlevelnetwork.co[.]in is a rogue webpage discovered by our researchers during a routine investigation of suspicious sites. Upon inspection, we learned that this page endorses browser notification spam and produces redirects to other (likely unreliable/dangerous) websites.
The majority of users access webpages like highlevelnetwork.co[.]in via redirects caused by websites employing rogue advertising networks.