Virus and Spyware Removal Guides, uninstall instructions

What kind of application is MatchPicks?

While inspecting new submissions to VirusTotal, our researchers found the MatchPicks rogue application. After analyzing this app, we determined that it is advertising-supported software (adware). It is pertinent to mention that MatchPicks belongs to the AdLoad malware family.

What kind of software is Art And Weather?

Our research team discovered the Art And Weather browser extension while investigating dubious websites. It is endorsed as a tool that displays browser wallpapers and provides easy access to weather forecasts.

After examining this extension, we learned that it modifies browser settings to promote (via redirects) the artandweather.co fake search engine. This behavior classifies Art And Weather as browser-hijacking software.

What kind of application is TechTalent?

Our research team found the TechTalent application during a routine inspection of new submissions to VirusTotal. After examining this piece of software, we determined that it is adware. TechTalent is part of the AdLoad malware family.

What kind of application is PathwaySpan?

Following an assessment of the PathwaySpan application, we found that it exhibits bothersome advertisements, categorizing it as adware, also referred to as advertising-supported software. Users commonly install adware without a full grasp of the potential repercussions it may entail.

What kind of application is IntelligenceLabs?

IntelligenceLabs is an adware-type application that our research team found while inspecting new submissions to the VirusTotal website. This app belongs to the AdLoad malware family. IntelligenceLabs delivers intrusive ad campaigns and may have additional harmful capabilities.

What kind of application is CargoVictory?

After examining the CargoVictory application, it has come to our attention that it displays intrusive advertisements. These types of applications fall into the category of adware or advertising-supported software. It is not unusual for users to inadvertently install adware without a complete understanding of its presence or the potential repercussions it might bring.

What kind of malware is Trash Panda?

Our research team found the Trash Panda ransomware-type program during a routine investigation of new submissions to VirusTotal. This malicious program is designed to encrypt data and demand ransoms for its decryption.

After launching a sample of Trash Panda on our test system, it began encrypting files and appended their filenames with a ".monochrome" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.monochrome", "2.png" as "2.png.monochrome", etc. Once this process was completed, a ransom note titled "[random_string]-readme.html" was created.

What kind of malware is GPT?

While studying malware samples submitted to VirusTotal, we discovered a ransomware variant dubbed GPT. We found that GPT is part of the Dharma family. It encrypts files, appends the ".GPT" extension to filenames, and provides two ransom notes (displays a pop-up window and creates the "AI_SARA.txt" file).

An example of how GPT modifies filenames: it renames "1.jpg" to "1.jpg.id-1E857D00-SARA.[AI_SARA].GPT", "2.png" to "2.png.id-1E857D00-SARA.[AI_SARA].GPT", and so forth.

What kind of application is MovementEvolution?

After an analysis of MovementEvolution, our team has determined that its primary function revolves around displaying intrusive advertisements to users, leading to its classification as adware. Noteworthy is the fact that applications similar to MovementEvolution frequently find their way onto devices without users' knowledge.

What kind of malware is Yytw?

During our analysis of malware samples uploaded to VirusTotal, we encountered Yytw, a ransomware variant linked to the Djvu family. Yytw encrypts files, appends the ".yytw" extension to their filenames, and generates a ransom note in the form of a text file named "_readme.txt".

An example of how Yytw renames files is by changing "1.jpg" to "1.jpg.yytw", "2.png" to "2.png.yytw", and so forth. It is important to note that Yytw might be distributed alongside information-stealing malware like Vidar and RedLine, making it even more dangerous for users and their sensitive data.