Virus and Spyware Removal Guides, uninstall instructions

What kind of application is Movies Craver?

Movies Craver is advertised as a reliable and fast application allowing users to search for movies. We have discovered it on a deceptive website. During the examination, we found that Movies Craver generates unwanted advertisements. Thus, we categorized it as an advertising-supported application (adware).

What kind of page is kxcdn[.]com?

Kxcdn[.]com is a rogue website that our research team discovered while inspecting untrustworthy pages. This site promotes deceptive content, pushes spam browser notifications, and redirects visitors to other (likely unreliable/malicious) websites.

Users typically access webpages of this kind via redirects caused by sites employing rogue advertising networks.

What kind of malware is Growtopia?

Growtopia (also known as CyberStealer) is an information stealer written in the C# programming language. It can obtain system information, steal information from various applications, and capture screenshots. Its developer claims that it has created this software for educational purposes only. This stealer uses the name of a legitimate online game.

What is ApproachWired?

ApproachWired is a rogue application that our researchers found while inspecting new submissions to VirusTotal. Our analysis of this piece of software revealed that it operates as adware and belongs to the AdLoad malware family.

What is CockyGrabber?

CockyGrabber is a piece of malicious software classified as a stealer. This program is designed to steal information from browsers installed onto the infected system.

What kind of malware is FreedomTeam?

During our routine check on malware samples submitted to the VirusTotal page, we discovered a new ransomware variant (that belongs to the Spora family) called FreedomTeam. We found that it encrypts files, appends the victim's ID, freedomteam@mail.ee email address, and a string of random characters to filenames.

Also, it creates the "Read_Me!_.txt" and "ReadMe_Now!.hta" files. An example of how FreedomTeam renames files: it changes "1.jpg" to "1.jpg[ID=39C73m-Mail=FreedomTeam@mail.ee].1ohe", "2.png" to "2.png[ID=39C73m-Mail=FreedomTeam@mail.ee].1ohe", and so forth. Text files that this ransomware creates contain different ransom notes.

What is BTC (VoidCrypt) ransomware?

BTC is the name of a malicious program belonging to the VoidCrypt ransomware family. Our research team discovered this ransomware-type program while inspecting new submissions to VirusTotal.

After executing a sample of BTC (VoidCrypt) ransomware on our test system, we learned that it encrypts files and alters their filenames.

The names of the compromised files were appended with a unique ID assigned to the victim, the cyber criminals email address, and a ".BTC" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.(MJ-FP9085364721)(RansomwareSupport@ZohoMail.com).BTC".

Once the encryption process was completed, a ransom note - "unlock-info.txt" - was created on the desktop.

What kind of software is DigitalFile?

While inspecting untrustworthy pages, our team discovered an advertising-supported application called DigitalFile. After examination, we concluded that the purpose of DigitalFile is to display annoying (and untrustworthy) advertisements. It is highly advisable not to have this app installed on the operating system.

What kind of page is notfcompreviews[.]com?

Notfcompreviews[.]com is a website that displays deceptive content (uses a clickbait technique) to trick visitors into agreeing to receive notifications from it. It is uncommon for such pages to be visited intentionally. Our team has discovered notfcompreviews[.]com while examining pages that use rogue advertising networks.

What kind of malware is Fdcv?

Fdcv is ransomware that encrypts files and appends the ".fdcv" extension to filenames. Also, it creates a text file ("_readme.txt") that contains a ransom note. Our malware researchers have discovered Fdcv while analyzing the samples submitted to the VirusTotal website. They also found that Fdcv belongs to a ransomware family called Djvu.

An example of how files encrypted by Fdcv are renamed: "1.jpg" is renamed to "1.jpg.fdcv", "2.png" to "2.png.fdcv", "3.exe" to "3.exe.fdcv", and so forth.