Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Your Password Is Expiring"?

After assessing this email, our team has concluded that its intention is to mislead recipients into providing personal information. Such emails are categorized as phishing attempts, and the scammers behind this particular email are aiming to deceive recipients into providing sensitive information on a fake login website.

What kind of malware is Nzoq?

Our research team recently found a new member of Djvu ransomware dubbed Nzoq. Nzoq is a malicious software that encrypts files, rendering them inaccessible. We came across Nzoq while analyzing samples on the VirusTotal website.

Nzoq might be distributed alongside other malware like RedLine or Vidar. Once it infects a system, it changes encrypted file names by adding the ".nzoq" extension (e.g., "1.jpg" becomes "1.jpg.nzoq", "2.png" becomes "2.png.nzoq", etc.). It also leaves a ransom note titled "_readme.txt".

What kind of malware is Steloj?

Steloj is a ransomware-type program designed to encrypt data and demand ransoms for its decryption. Our research team discovered this malicious program while investigating new submissions to the VirusTotal website.

After we executed a sample of Steloj on our test system, it encrypted files and appended their names with a unique ID, the cyber criminals' email address, and a ".steloj" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.[55ace29897].[steloj@mailfence.com].steloj". Once the encryption was completed, a ransom note – "README_WARNING.txt" – was created.

What kind of application is WillowAmaze?

After reviewing the WillowAmaze application, it has come to our attention that it displays intrusive advertisements. Such software falls under the classification of adware. Users frequently install apps like WillowAmaze without fully understanding the potential ramifications they can have.

What kind of application is MapperGrid?

While checking out new file submissions to VirusTotal, our research team found the MapperGrid application. After inspecting it, we determined that this app is advertising-supported software (adware). MapperGrid is part of the AdLoad malware family.

What kind of app is MyThing Search New Tab?

Our team inspected the MyThing Search New Tab browser extension and learned that it acts as a browser hijacker. The purpose of this app is to promote mythingsearch.com, a fake search engine. MyThing Search New Tab achieves this by changing the settings of the affected browser. Typically, users add browser hijackers to browsers unknowingly.

What kind of malware is Kuiper?

Our researchers found the Kuiper ransomware during a routine inspection of new submissions to the VirusTotal website. This malicious program is designed to encrypt data and demand ransoms for its decryption.

Once we executed a sample of Kuiper on our test system, it began encrypting files. Filenames of the locked files were appended with a ".kuiper" extension, e.g., a file originally titled "1.jpg" appeared as "1.jpg.kuiper", "2.png" as "2.png.kuiper", etc. Afterwards, a ransom note titled "README_TO_DECRYPT.txt" was created.

What kind of malware is MMRat?

Since late June 2023, an Android banking trojan named MMRat has been focusing on mobile users in Southeast Asia. This trojan is capable of capturing both user input and screen activity while also allowing remote control of targeted devices through diverse methods. This enables the attackers to conduct bank fraud directly on the victim's device.

What kind of malware is ErrorWindows?

ErrorWindows is ransomware that prevents victims from using/accessing their data by encrypting it. We discovered ErrorWindows during our examination of samples submitted to VirusTotal. Our team found that ErrorWindows is part of the Xorist family. Additionally, it renames files (appends the ".errorwindows" extension to filenames).

Like most ransomware, ErrorWindows provides a ransom note. It creates the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" file. Also, this ransomware changes the desktop wallpaper and shows a pop-up window containing the same ransom note as the text file.

An example of how ErrorWindows renames files: it changes "1.jpg" to "1.jpg.errorwindows", "2.png" to "2.png.errorwindows", etc.

What kind of application is EssenceSkill?

Upon inspecting the EssenceSkill application, we noticed that it shows invasive advertisements. These kinds of programs are categorized as adware. Users often install adware without fully grasping the potential consequences it can bring about. It is recommended not to have apps of this type installed on the operating system.