Virus and Spyware Removal Guides, uninstall instructions

BIDON Ransomware

What kind of malware is BIDON?

BIDON is a new variant of the MONTI ransomware. Programs within the ransomware category are designed to encrypt files and demand payment for their decryption.

After we executed a sample of BIDON on our test system, it began encrypting files. The filenames of affected files were appended with a ".PUUUK" extension. To elaborate, a file originally titled "1.jpg" appeared as "1.jpg.PUUUK", "2.png" as "2.png.PUUUK", etc.

After this process was concluded, the ransomware created a ransom note named "readme.txt". Based on the message therein, it is evident that BIDON uses double extortion tactics and targets large entities (e.g., companies) rather than home users.

   
RootCompact Adware (Mac)

What kind of application is RootCompact?

While analyzing the RootCompact application, we noticed its tendency to display intrusive advertisements. These types of applications are typically classified as adware, as they are supported by advertising. Users often unknowingly install apps like RootCompact without fully understanding their implications and potential for displaying bothersome ads.

   
Retro Search New Tab Browser Hijacker

What kind of application is Retro Search New Tab?

During our analysis of the Retro Search New Tab browser extension, our team observed that it alters specific web browser settings with the intention of promoting a fake search engine, retro-search.com. Applications displaying such conduct are commonly referred to as browser hijackers.

   
Rtg Ransomware

What kind of malware is Rtg?

During a routine inspection of new submissions to the VirusTotal site, our researchers discovered the Rtg ransomware-type program. It is part of the Xorist ransomware family. This malicious program encrypts data and demands ransoms for its decryption.

On our test machine, Rtg ransomware encrypted files and altered their filenames by appending them with a ".rtg" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.rtg", "2.png" as "2.png.rtg", and so forth.

After the encryption process was completed, identical ransom notes were created in a text file titled "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" and in a pop-up window. It is noteworthy that the text in the latter will appear as gibberish if the infected system lacks Cyrillic alphabet support.

   
!!Dridex007!! Malware Detected POP-UP Scam

What kind of scam is "!!Dridex007!! Malware Detected"?

During our examination of this page, we discovered that it hosts a technical support scam, displaying deceptive pop-up messages to mislead visitors into thinking their computers are infected. It is crucial to avoid interacting with such sites as they are designed to deceive users. Usually, users access these websites unintentionally.

   
Popn Ransomware

What kind of malware is Popn?

During our analysis of samples on VirusTotal, our team discovered a new variant of the Djvu ransomware family named Popn. This particular variant encrypts data and adds the ".popn" extension to the affected files. Also, the ransomware generates a ransom note called "_readme.txt".

Popn renames encrypted files by appending its extension, transforming files such as "1.jpg" into "1.jpg.popn", "2.png" into "2.png.popn", etc. As a member of the Djvu family, Popn might be distributed alongside other malicious software, such as the RedLine and Vidar information stealers.

   
X Ransomware

What kind of malware is X?

X is ransomware that encrypts files, creates a ransom note ("X-Help.txt"), and renames files (appends the ".X" extension to filenames). Cybercriminals use this malware to extort money from victims. An example of how X modifies filenames: it renames "1.jpg" to "1.jpg.X", "2.png" to "2.png.X", and so forth.

   
CherryBlos Malware (Android)

What kind of malware is CherryBlos?

CherryBlos is the name of malware targeting Android operating systems. This malicious program is classified as a stealer and a clipper. It operates by exfiltrating cryptowallet credentials and rerouting cryptocurrency transactions to wallets owned by the attackers.

At least four fake apps have been identified as being used to deliver CherryBlos to devices. Several techniques have been observed in use to promote these applications.

It is pertinent to mention that CherryBlos is linked to another malware campaign dubbed FakeTrade. This operation entails fraudulent money-earning apps that promise monetary rewards for shopping or other tasks. However, victims are unable to cash out their earnings.

FakeTrade applications were hosted on the Google Play Store, but the known ones have been taken down as of writing. This campaign targeted users worldwide, with prevalent regions including Malaysia, Mexico, Indonesia, the Philippines, Uganda, and Vietnam.

   
CloudConnectors Adware (Mac)

What kind of application is CloudConnectors?

Upon reviewing CloudConnectors, our team concluded that its main purpose is to present intrusive advertisements to users, classifying it as adware. Notably, applications like CloudConnectors are often downloaded and installed without users' awareness. Thus, it is recommended not to trust such apps.

   
CreativeApply Adware (Mac)

What kind of application is CreativeApply?

While checking out new submissions to VirusTotal, our research team discovered the CreativeApply app. Our analysis of this piece of software revealed that it is adware. Additionally, we learned that CreativeApply is part of the AdLoad malware family.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
