Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Ahtw?

Ahtw is ransomware associated with the Djvu family. It encrypts files on the victim's computer and requests a ransom for the decryption tools. Our team encountered Ahtw during the analysis of recently submitted malware samples on the VirusTotal platform. It is worth mentioning that Ahtw may be distributed alongside other malware, including RedLine or Vidar.

Once Ahtw infects a computer, it appends the ".ahtw" extension to the filename of every encrypted file. For example, a file named "1.jpg" gets renamed to "1.jpg.ahtw", "2.png" to "2.png.ahtw", and so forth. Additionally, Ahtw creates a ransom note ("_readme.txt").

What kind of malware is Ahgr?

During our examination of malware samples submitted to VirusTotal, we came across Ahgr, a ransomware variant that is part of the Djvu family. Ahgr encrypts files and modifies their names by adding the ".ahgr" extension. Furthermore, it creates a ransom note as a text file named "_readme.txt".

Here is an example of how Ahgr alters file names: it transforms "1.jpg" into "1.jpg.ahgr", "2.png" into "2.png.ahgr", and so on. It is important to mention that Ahgr, being part of the Djvu ransomware family, may be distributed alongside information stealers like Vidar and RedLine.

What kind of malware is Ahui?

During our analysis of malware samples submitted to VirusTotal, we came across Ahui, ransomware belonging to the Djvu family. Ahui blocks access to files by encrypting them and alters their filenames by appending a new extension (".ahui"). Furthermore, it generates a ransom note (a text file named "_readme.txt").

To illustrate, Ahui modifies file names in the following manner: it changes "1.jpg" to "1.jpg.ahui", "2.png" to "2.png.ahui", and so on. It is important to note that ransomware associated with the Djvu family is often distributed alongside information stealers like Vidar and RedLine.

What kind of page is fastcheck[.]top?

Our research team discovered the fastcheck[.]top rogue page during a routine investigation of questionable websites. It is designed to push spam browser notifications and generate redirects to other (likely dubious/malicious) sites. Users typically access webpages via redirects caused by websites using rogue advertising networks.

What kind of page is dollarsurvey[.]top?

Dollarsurvey[.]top is a rogue webpage that we discovered while investigating untrustworthy sites. It is designed to endorse dubious content and browser notification spam. Additionally, this page can redirect users to different (likely unreliable/harmful) websites.

Visitors to dollarsurvey[.]top and similar webpages access them predominantly via redirects generated by sites that use rogue advertising networks.

What kind of page is ronadforyousystems[.]com?

While investigating websites utilizing questionable advertising networks, we encountered ronadforyousystems[.]com. This site employs a clickbait technique to trick visitors into permitting it to show notifications (ads). Moreover, this site may redirect visitors to other unreliable websites. Therefore, it is recommended to avoid accessing ronadforyousystems[.]com.

What kind of page is centrumbook[.]com?

Our researchers discovered the centrumbook[.]com rogue page during a routine investigation of suspicious websites. It operates by promoting browser notification spam and redirecting visitors to other (likely untrustworthy/dangerous) sites.

Most users enter webpages like centrumbook[.]com through redirects caused by sites that employ rogue advertising networks.

What kind of application is Wingman Clock?

During our investigation of the Wingman Clock browser extension, we discovered that it operates as a browser hijacker - it is designed to modify web browser settings. Our team encountered Wingman Clock on a suspicious website. It is unusual for users to download and install (or add) browser hijackers intentionally.

What kind of page is dating-universe[.]top?

Dating-universe[.]top is a rogue webpage that promotes browser notification spam and redirects visitors to other (likely unreliable/malicious) sites.

We discovered this page after investigating a spam email. In addition to such mail, visitors to websites like dating-universe[.]top access them primarily via redirects generated by sites using rogue advertising networks, mistyped URLs, intrusive ads, spam notifications, or installed adware.

What kind of application is Kryopage?

Our testing of the Kryopage browser extension uncovered that it functions as a browser hijacker. The primary objective of this application is to alter the settings of web browsers. Our team came across Kryopage on a dubious website. It is uncommon for users to download and add browser hijackers intentionally.