Virus and Spyware Removal Guides, uninstall instructions

What kind of application is Aves?

In the course of our review, it has been identified that Aves is a malicious browser extension capable of taking control of a web browser and gathering various information. The discovery of Aves took place when analyzing a malicious installer acquired from a deceptive website.

What is Maersk Line phishing campaign?

Upon examination, it has been established that this email is a fraudulent message sent by scammers posing as Maersk Line, a reputable shipping company. Scammers behind this email aim to trick unsuspecting recipients into opening the presented link and providing personal information. Emails of this nature are known as phishing emails.

What kind of malware is LEAKDB?

While investigating new submissions to VirusTotal, our research team discovered another ransomware from the Phobos family called LEAKDB. Malware within this classification encrypts data and demands payment for its decryption.

On our test machine, LEAKDB ransomware encrypted files and altered their titles. Original filenames were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".LEAKDB" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3143].[pcsupport@skiff.com].LEAKDB".

After the encryption process was concluded, ransom notes were created in a pop-up window ("info.hta") and text file ("info.txt"), which were dropped into every encrypted directory and on the desktop. Based on the messages therein, it is evident that LEAKDB targets companies rather than home users.

What kind of program is SpaceRaces?

Upon close inspection, the outcome of our examination is that SpaceRaces is a potentially harmful application distributed via a malicious installer. SpaceRaces is installed concurrently with numerous other undesired components. This software has been observed operating in the Task Manager under the guise of "Volume - advanced Windows volume control".

What kind of application is FoundryIntelligence?

Upon our examination, it has become apparent that FoundryIntelligence is an advertising-supported application that displays annoying advertisements. Typically, users install apps like FoundryIntelligence on their computers without fully understanding what issues these apps can cause.

What kind of malware is Jazi?

Jazi, identified through the examination of samples submitted to VirusTotal, operates as ransomware upon infiltrating a system. Upon infiltration, it encrypts files, appends the ".jazi" extension to filenames, and leaves behind a ransom note labeled "_readme.txt". An example of the file renaming process is the transformation of "1.jpg" to "1.jpg.jazi", "2.png" to "2.png.jazi", etc.

It is essential to underscore the association of Jazi with the Djvu ransomware family. Notably, threat actors in the cyber realm have been observed deploying ransomware from this particular family concurrently with information stealers like Vidar and RedLine.

What kind of page is webprotectionrequired[.]com?

After analysis, it has come to our attention that webprotectionrequired[.]com is a deceptive website that displays misleading content and wants to send notifications. Also, webprotectionrequired[.]com may redirect visitors to similar pages. Thus, it is strongly recommended not to trust webprotectionrequired[.]com.

What kind of malware is Jawr?

Jawr is ransomware that has been discovered during analysis of samples submitted to VirusTotal. Once on the system, Jawr encrypts files, adds the ".jawr" extension to filenames, and leaves a ransom note ("_readme.txt"). An example of how files encrypted by Jawr are renamed: "1.jpg" is changed to "1.jpg.jawr", "2.png" to "2.png.jawr", and so forth.

It is crucial to emphasize that Jawr is affiliated with the Djvu ransomware family. Cyber threat actors have been observed disseminating ransomware from this family in conjunction with information stealers such as Vidar and RedLine.

What kind of page is messenger-rocks[.]com?

In the course of our review, it has been identified that messenger-rocks[.]com uses clickbait to lure visitors into allowing it to send notifications. Also, messenger-rocks[.]com can redirect visitors to other dubious websites. It is worth noting that pages like messenger-rocks[.]com are promoted using deceptive methods.

What kind of application is Overbright?

Our research team found the Overbright application while investigating submissions to the VirusTotal platform. After examining this app, we determined that it is advertising-supported software (adware). It is pertinent to mention that Overbright belongs to the Pirrit adware family.