Virus and Spyware Removal Guides, uninstall instructions

What kind of application is VantageGains?

VantageGains is a rogue application that our researchers discovered while investigating VirusTotal website. After analyzing this piece of software, we determined that it is adware. VantageGains is part of the AdLoad malware family. This app operates by running intrusive ad campaigns.

What kind of malware is Alock?

During a routine inspection of new submissions to the VirusTotal website, our research team discovered the Alock ransomware-type program. It is part of the MedusaLocker ransomware family.

On our test system, Alock ransomware encrypted files and appended their filenames with a ".alock" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.alock", "2.png" as "2.png.alock", and so on for all of the locked files.

After the encryption process was completed, a ransom-demanding message titled "HOW_TO_BACK_FILES.html" was created. Based on the message therein, it is evident that Alock targets companies rather than home users. This ransomware also uses double extortion tactics.

What kind of scam is "Clop Ransomware.dll"?

While investigating rogue websites, our research team discovered the "Clop Ransomware.dll" technical support scam. Presented as Microsoft/Windows, this scam falsely claims that users' computers are infected to trick them into calling fake support lines. Typically, these scams involve remote access to victims' devices and are associated with severe threats.

What kind of malware is BLACK ICE?

BLACK ICE ransomware is a type of malware designed to encrypt data and demand ransoms for its decryption. Additionally, this program uses double extortion tactics.

After we executed a sample of BLACK ICE on our test machine, it encrypted files and appended their filenames with a ".ICE" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.ICE", "2.png" as "2.png.ICE", etc. Once the encryption was completed, this ransomware created a ransom note titled "ICE_Recovey.txt".

What kind of malware is INC?

INC is a ransomware-type program designed to encrypt data and demand payment for decryption. On our test machine, this malware encrypted files and appended their filenames with a ".INC" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.INC", "2.png" as "2.png.INC", and so forth.

After the encryption process was concluded, INC ransomware created a ransom note titled "INC-README.txt". Based on the message therein, it is evident that this malware targets companies rather than home users.

What kind of page is re-captha-version-3-21[.]top?

Re-captha-version-3-21[.]top is the address of a rogue site that promotes browser notification spam and redirects visitors to different (likely unreliable/malicious) webpages.

Most users access pages like re-captha-version-3-21[.]top via redirects caused by websites utilizing rogue advertising networks. Our researchers found this webpage while reviewing sites that use said networks.

It is important to note that the developers of re-captha-version-3-21[.]top website have released many websites with virtually identical domains. The only difference is last two digits (e.g., "re-captha-version-3-22[.]top", "re-captha-version-3-23[.]top", "re-captha-version-3-24[.]top", etc.)

What kind of application is ZestyPeak?

ZestyPeak is a rogue app that we discovered while investigating new submissions to VirusTotal. When we examined this application, we found that it is advertising-supported software (adware) belonging to the AdLoad malware family. ZestyPeak operates by running intrusive advert campaigns to generate revenue for its developers.

What kind of software is MySites?

While investigating dubious webpages, our research team found the MySites browser extension. This piece of software promises to provide quick access to users' most frequently visited websites. Our analysis revealed that this extension alters browser settings in order to generate redirects to the goog.mysitesext.com fake search engine. Due to this, MySites is categorized as a browser hijacker.

What kind of application is LookupLauncher?

Our researchers found the LookupLauncher rogue application during a routine inspection of new submissions to the VirusTotal site. After examining LookupLauncher, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family.

What kind of malware is Harward?

Harward is the name of a ransomware-type program. It operates by encrypting files and demanding payment for their decryption. After we executed a sample of this ransomware on our testing system, it encrypted files and altered their filenames.

Original titles were appended with the attackers' email, a unique ID assigned to the victim, and the ".harward" extension. For example, a "1.jpg" filename appeared as "1.jpg.EMAIL[alvarodecrypt@gmail.com]ID=[908D28930971C614].harward". Once this process was completed, a ransom note – "FILE ENCRYPTED.txt" – was created.