Virus and Spyware Removal Guides, uninstall instructions

What is World Clock Extension?

Upon reviewing the World Clock Extension, it became evident that its intent revolves around functioning as a browser hijacker, with the aim of endorsing worldclockext.com, a fake search engine. World Clock Extension alters the settings of a web browser in order to establish control over it.

What kind of application is DeviceOptimizer?

DeviceOptimizer is an adware-type app that our research team discovered during a routine inspection of new file submissions to the VirusTotal website. This application is a part of the AdLoad malware family. DeviceOptimizer generates revenue for its developers by feeding users with undesirable and potentially malicious ads.

What kind of software is Text to Speech Conversion?

While investigating suspicious sites, we discovered the Text to Speech Conversion browser extension. It is promoted as a tool that converts text to speech. After examining this piece of software, we learned that it is a browser hijacker. Text to Speech Conversion makes changes to browser settings in order to promote (via redirects) the ksrc-withus.com fake search engine.

What kind of malware is Deadnet?

Deadnet is a malicious program within the ransomware classification. Our research team discovered it while investigating new malware submissions to the VirusTotal website. This program belongs to the MedusaLocker ransomware family.

Deadnet is designed to encrypt data and demand payment for its decryption. On our test machine, this ransomware encrypted files and added a ".deadnet26" extension to their filenames. For example, a file initially named "1.jpg" appeared as "1.jpg.deadnet26", "2.png" as "2.png.deadnet26", etc.

After the encryption process was completed, Deadnet ransomware dropped a ransom note titled "HOW_TO_BACK_FILES.html". Based on this message, it is evident that Deadnet targets companies rather than home users.

What kind of application is BradypusTridactylus?

While examining a malicious installer, our research team came across the BradypusTridactylus application. We found this installer on a dubious website. This application has the capacity to engage in dubious activities, such as adding the "Managed by your organization" feature to Chrome browsers.

What kind of application is ValueStandard?

Our researchers discovered ValueStandard while inspecting new file submissions to the VirusTotal website. Once we examined this piece of software, we determined that it is adware belonging to the AdLoad malware family.

ValueStandard is designed to generate revenue for its developers by feeding users with undesirable and deceptive advertisements.

What kind of scam is "Your Password Is Expiring"?

After assessing this email, our team has concluded that its intention is to mislead recipients into providing personal information. Such emails are categorized as phishing attempts, and the scammers behind this particular email are aiming to deceive recipients into providing sensitive information on a fake login website.

What kind of malware is Nzoq?

Our research team recently found a new member of Djvu ransomware dubbed Nzoq. Nzoq is a malicious software that encrypts files, rendering them inaccessible. We came across Nzoq while analyzing samples on the VirusTotal website.

Nzoq might be distributed alongside other malware like RedLine or Vidar. Once it infects a system, it changes encrypted file names by adding the ".nzoq" extension (e.g., "1.jpg" becomes "1.jpg.nzoq", "2.png" becomes "2.png.nzoq", etc.). It also leaves a ransom note titled "_readme.txt".

What kind of malware is Steloj?

Steloj is a ransomware-type program designed to encrypt data and demand ransoms for its decryption. Our research team discovered this malicious program while investigating new submissions to the VirusTotal website.

After we executed a sample of Steloj on our test system, it encrypted files and appended their names with a unique ID, the cyber criminals' email address, and a ".steloj" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.[55ace29897].[steloj@mailfence.com].steloj". Once the encryption was completed, a ransom note – "README_WARNING.txt" – was created.

What kind of application is WillowAmaze?

After reviewing the WillowAmaze application, it has come to our attention that it displays intrusive advertisements. Such software falls under the classification of adware. Users frequently install apps like WillowAmaze without fully understanding the potential ramifications they can have.