Virus and Spyware Removal Guides, uninstall instructions

Animated BG Browser Hijacker

What kind of software is Animated BG?

Animated BG is a rogue extension that displays animated browser wallpapers. Our analysis of this piece of software revealed that it is a browser hijacker. It makes alterations to browser settings in order to promote (via redirects) the search.animatedbg-tab.com fake search engine.

   
Got Ransomware

What kind of malware is Got?

Our research team discovered a ransomware-type program called Got while investigating new submissions to the VirusTotal platform. This malicious program belongs to the Xorist ransomware family. Got malware is designed to encrypt data and demand payment for its decryption.

On our test system, this ransomware encrypted files and changed their filenames. Original titles were appended with a ".Got" extension, e.g., a file named "1.jpg" appeared as "1.jpg.Got", "2.png" as "2.png.Got", etc. Afterward, ransom notes were created in a pop-up window and the "HOW TO DECRYPT FILES.txt" text file.

   
Mzqt Ransomware

What kind of malware is Mzqt?

In our examination of malware samples using the VirusTotal platform, we encountered a ransomware variant identified as Mzqt. This ransomware employs file encryption to limit access to files and adds the ".mzqt" extension to file names. Additionally, it generates a ransom note named "_readme.txt".

The Mzqt ransomware belongs to the Djvu ransomware family and is linked to information stealers like RedLine and Vidar. An illustration of how Mzqt alters file names is as follows: it transforms file names such as "1.jpg" into "1.jpg.mzqt", "2.png" into "2.png.mzqt", and so on.

   
Mzhi Ransomware

What kind of malware is Mzhi?

In the course of inspection of malware samples provided on the VirusTotal platform, a Djvu member dubbed Mzhi has been discovered. Mzhi encrypts files and modifies their filenames by adding the ".mzhi" extension. Additionally, Mzhi is programmed to generate a text file named "_readme.txt", which contains a ransom note.

Djvu ransomware is often distributed in conjunction with information stealers such as RedLine or Vidar by malicious actors. An example of how Mzhi alters filenames: it transforms "1.jpg" into "1.jpg.mzhi", "2.png" into "2.png.mzhi" and so on.

   
ZenRAT Malware

What kind of malware is ZenRAT?

ZenRAT is the name of a Remote Access Trojan (RAT) that has been around since at least the summer of 2023. This malware has data-stealing capabilities and can implement modules for additional functionality. The latter means that this trojan may be transformed into a highly versatile piece of malicious software.

ZenRAT has been observed being distributed through a fake Bitwarden website. It must be stressed that neither the site nor the RAT is in any way associated with the actual Bitwarden service.

   
VulpesVulpes Malicious Extension

What kind of application is VulpesVulpes?

During an examination of an untrustworthy installer downloaded from an unreliable website, we encountered the VulpesVulpes browser extension. Our investigation uncovered concerning characteristics associated with this app, which included its ability to activate the "Managed by your organization" feature in the Chrome browser, gather user data, and manage browser components.

   
ZenSearch Browser Hijacker

What kind of application is ZenSearch?

Following an evaluation of the ZenSearch application, it has been determined that its primary purpose is to function as a browser hijacker with the aim of promoting the fake search engine, search.zensearch.online. This extension alters browser settings to assert control over the user's browsing experience.

   
DOOK Ransomware

What kind of malware is DOOK?

While reviewing new malware submissions to the VirusTotal platform, we discovered the DOOK ransomware-type program. It is part of the Dharma ransomware family.

On our testing system, DOOK encrypted files and appended their filenames with a unique ID assigned to the victim, the cyber criminals' emails, and a ".DOOK" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.id-9ECFA84E.[Alexdec23@aol.com].DOOK".

After the encryption process was finished, ransom notes were created/displayed in a pop-up window and text file – "README!.txt". Based on the messages therein, it is clear that DOOK targets companies rather than home users. Additionally, this ransomware uses double-extortion tactics.

   
PrimeVersion Adware (Mac)

What kind of application is PrimeVersion?

Upon assessing PrimeVersion, it has become evident that its primary function is to flood users with intrusive advertisements, categorizing it as adware. It is worth emphasizing that such applications are frequently promoted and disseminated through misleading tactics, which can lead users to install them without being aware of it.

   
AtlasAgent Trojan

What kind of malware is AtlasAgent?

AtlasAgent refers to a Trojan designed for the purpose of acquiring host data and system processes, restricting the simultaneous execution of multiple programs, inserting designated shellcodes, and retrieving files from Command and Control servers. The AtlasAgent Trojan is a DLL application coded in the C++ programming language.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
