Virus and Spyware Removal Guides, uninstall instructions

Tcvjuo Ransomware

What kind of malware is Tcvjuo?

During our examination of malware samples submitted to VirusTotal, we came across Tcvjuo, a ransomware variant associated with the Snatch family. Tcvjuo is designed to encrypt files, append its extension (".tcvjuo") to the filenames of encrypted files, and generate a ransom note named "HOW TO RESTORE YOUR TCVJUO FILES.TXT".

An illustration of how Tcvjuo performs its file modification: it renames "1.jpg" to "1.jpg.tcvjuo", "2.png" to "2.png.tcvjuo", and so on.

   
Mithrilminer.top Ads

What kind of page is mithrilminer[.]top?

During our investigation of mithrilminer[.]top, we uncovered its deceptive practices of coaxing visitors into granting permission to show notifications. Additionally, the website redirects users to similar pages. Our team encountered mithrilminer[.]top while analyzing websites associated with questionable advertising networks.

   
Hgjzitlxe Ransomware

What kind of malware is Hgjzitlxe?

While inspecting malware samples submitted to VirusTotal, we discovered Hgjzitlxe, which is ransomware belonging to the Snatch family. We found that Hgjzitlxe encrypts files, appends its extension (".hgjzitlxe") to filenames, and creates a ransom note ("HOW TO RESTORE YOUR HGJZITLXE FILES.TXT").

An example of how Hgjzitlxe modifies filenames: it replaces "1.jpg" with "1.jpg.hgjzitlxe", "2.png" with "2.png.hgjzitlxe", and so forth.

   
Nighridadered.com Ads

What kind of page is nighridadered[.]com?

During our investigation of nighridadered[.]com, we found that the website employs a clickbait technique to entice visitors into subscribing to its notifications. Furthermore, nighridadered[.]com may redirect users to unreliable websites. As a result, it is strongly recommended to avoid accessing nighridadered[.]com.

   
News-dudafa.com Ads

What kind of page is news-dudafa[.]com?

Our research team discovered the news-dudafa[.]com rogue webpage during a routine investigation of untrustworthy sites. This page is designed to push browser notification spam. It can also redirect users elsewhere (likely unreliable/hazardous websites).

Most visitors to webpages like news-dudafa[.]com access them via redirects generated by sites using rogue advertising networks.

   
UniversalDisplay Adware (Mac)

What kind of application is UniversalDisplay?

We discovered the UniversalDisplay rogue application during a routine inspection of new submissions to the VirusTotal website. After investigating this piece of software, we determined that it is adware belonging to the AdLoad malware family.

   
Protect (MedusaLocker) Ransomware

What kind of malware is Protect (MedusaLocker)?

While investigating new submissions to the VirusTotal site, our researchers discovered the Protect ransomware-type program. It is part of the MedusaLocker ransomware family. Ransomware is designed to encrypt data and demand ransoms for its decryption.

On our test machine, a sample of Protect encrypted files and appended a ".protect3" extension to their filenames. For example, a file originally named "1.jpg" appeared as "1.jpg.protect3", "2.png" as "2.png.protect3", etc. Note that the number in the extension can vary depending on the ransomware variant.

After the encryption process was completed, a ransom note titled "How_to_back_files.html" was created. Based on the message therein, it is evident that Protect (MedusaLocker) ransomware targets companies rather than home users.

   
Wayn Ransomware

What kind of malware is Wayn?

During our examination of malware samples submitted to the VirusTotal website, we encountered Wayn, a ransomware variant that encrypts files and adds the ".wayn" extension to filenames. Additionally, Wayn leaves a ransom note (a text file named "_readme.txt").

An example of how Wayn modifies filenames: it changes "1.jpg" to "1.jpg.wayn", "2.png" to "2.png.wayn", and so forth. Wayn belongs to the Djvu family, which is known for its association with other malware, such as the information stealers RedLine and Vidar. Threat actors have been observed distributing ransomware from the Djvu family along with these malicious programs.

   
Wazp Ransomware

What kind of malware is Wazp?

While analyzing malware samples on VirusTotal, we encountered a ransomware variant called Wazp, which belongs to the Djvu family. This ransomware encrypts files and alters their filenames by appending the ".wazp" extension. Additionally, Wazp leaves behind a ransom note file named "_readme.txt".

It is important to mention that it is common for ransomware belonging to the Djvu family to be distributed alongside other malware, such as RedLine or Vidar, which are known for their ability to steal information. An example of how Wazp renames files: it changes "1.jpg" to "1.jpg.wazp", "2.png" to "2.png.wazp", and so on.

   
Streaming Adware

What kind of application is Streaming?

While investigating suspicious sites, our research team found a page promoting an installation setup containing the Streaming application. After examining this app, we determined that it is advertising-supported software (adware).

   
