Virus and Spyware Removal Guides, uninstall instructions

What kind of application is CosmoLoop?

CosmoLoop is a rogue application that our research team discovered while reviewing new submissions to the VirusTotal site. This app operates as advertising-supported software (adware). It is pertinent to mention that CosmoLoop belongs to the AdLoad malware family.

What kind of software is Night Reading for All?

We discovered the Night Reading for All browser extension while inspecting scam websites. This piece of software supposedly operates as a dark-mode tool for websites. However, after examining this browser extension, we determined that it is advertising-supported software (adware).

What kind of software is All Image Download?

Our researchers discovered the "All Image Download" browser extension while investigating deceptive websites. This extension supposedly allows users to easily download all of the images displayed on a webpage.

However, our analysis revealed that All Image Download operates as adware. It delivers intrusive advertisement campaigns and collects sensitive user data.

What kind of email is "Document Received"?

Our inspection of the "Document Received" email revealed that it is spam. This fake letter is presented as a notification regarding a document sent to the recipient via Microsoft SharePoint. This spam promotes a phishing website disguised as SharePoint, which targets email account log-in credentials.

It must be emphasized that this mail is in no way associated with the actual Microsoft Corporation or any other legitimate entities.

What kind of page is captchawizard[.]top?

After conducting our investigation, our team identified captchawizard[.]top as an untrustworthy website that uses deceptive methods to trick visitors into granting permission for notifications. It is common for users to come across websites like captchawizard[.]top inadvertently. We discovered it during an examination of other suspicious websites.

What kind of malware is Minas?

Minas is the name of a cryptocurrency mining malware. It is based on the legitimate XMRIG application designed to mine Monero cryptocurrency. Malware within this classification puts enormous strain on infected machines – thus endangering system and hardware health.

What kind of page is akice-co[.]in?

Our researchers discovered the akice.co[.]in rogue site during a routine inspection of untrustworthy websites. It is designed to promote browser notification spam and, at the time of research, used fake CAPTCHA verification for this purpose. Additionally, this page can redirect visitors to different (likely unreliable/dangerous) websites.

Most visitors to webpages like akice-co[.]in enter them through redirects caused by sites that use rogue advertising networks.

What kind of software is Best Wallpapers?

While investigating dubious webpages, our researchers discovered the Best Wallpapers browser extension. It is endorsed as a tool that displays browser wallpapers.

After installing this extension on our test machine, we learned it is a browser hijacker. Best Wallpapers modifies browser settings to promote (via redirects) the search.wallpaperhomepage.com illegitimate search engine.

What kind of application is DoubleCache?

Our research team discovered the DoubleCache application while investigating new submissions to VirusTotal. After analyzing this piece of software, we determined that it is adware. It is worth noting that DoubleCache is part of the AdLoad malware family.

What is Adfuhbazi ransomware?

Adfuhbazi is a ransomware-type program that our researchers discovered while reviewing new submissions to the VirusTotal website. This malicious program is part of the Snatch ransomware family.

On our testing system, Adfuhbazi encrypted files and appended their filenames with a ".adfuhbazi" extension. To elaborate, a file originally named "1.jpg" appeared as "1.jpg.adfuhbazi", "2.png" as "2.png.adfuhbazi", and so on for all of the encrypted files.

After this process was completed, a ransom note titled "HOW TO RESTORE YOUR ADFUHBAZI FILES.TXT" was created. Based on the message therein, it is clear that this ransomware targets large entities rather than home users.