Virus and Spyware Removal Guides, uninstall instructions

DarkVision RAT

What kind of malware is DarkVision?

DarkVision is the name of a Remote Administration Trojan (RAT). Malware of this type is designed to provide unauthorized access to a victim's computer. The RAT allows attackers to control the infected computer remotely, giving them access to sensitive data and the ability to perform a range of malicious actions.

   
Akira Ransomware

What kind of malware is Akira?

Akira is the name of ransomware designed to encrypt data, modify the filenames of all affected files (by appending the ".akira" extension), and create a ransom note ("akira_readme.txt"). Also, upon execution, Akira runs a PowerShell command to delete Windows Shadow Volume Copies on the device.

An example of how Akira changes filenames: it renames "1.jpg" to "1.jpg.akira", "2.png" to "2.png.akira", and so forth.

   
Toddler Browser Hijacker

What kind of application is Toddler?

Our team's analysis of the Toddler browser extension showed that it operates as a browser hijacker. Its main aim is to promote a fake search engine (finddbest.co). To achieve browser hijacking, Toddler alters the settings of the user's browser. It is worth noting that most users add browser-hijacking apps to browsers unintentionally.

   
FSHealth Ransomware

What kind of malware is FSHealth?

FSHealth is ransomware that blocks access to files by encrypting them. Also, FSHealth modifies filenames (by appending the victim's ID, email address, and ".locked" extension to them) and drops its ransom note ("How_to_decrypt_my_files.html").

An example of how FSHealth renames files: it changes "1.jpg" to "1.jpg.[9ECFA84E1F8BFBFF000A0655][fshealth@outlookpro.net].locked", "2.png" to "2.png.[9ECFA84E1F8BFBFF000A0655][fshealth@outlookpro.net].locked", and so forth.

   
Realbeyondcook.com Ads

What kind of page is realbeyondcook[.]com?

Our team has determined that realbeyondcook[.]com is an untrustworthy website that uses deceptive tactics to trick visitors into agreeing to receive notifications. It is not uncommon for individuals to unintentionally stumble upon websites like realbeyondcook[.]com. We came across this site while investigating other dubious web pages.

   
Topfieldnow.com Ads

What kind of page is topfieldnow[.]com?

Topfieldnow[.]com is a rogue page we discovered while inspecting questionable websites. This webpage promotes browser notification spam and redirects visitors to other (likely unreliable/dangerous) sites. Most users enter pages like topfieldnow[.]com through redirects generated by websites that employ rogue advertising networks.

   
Antoni Ransomware

What is Antoni ransomware?

Antoni is the name of a ransomware-type program. Malware classed as ransomware is designed to encrypt data and demand ransoms for its decryption.

On our testing system, Antoni ransomware encrypted files and appended a ".Antoni" extension to their filenames. For example, a file initially titled "1.jpg" appeared as "1.jpg.Antoni", "2.png" as "2.png.Antoni", etc. Afterwards, a ransom note named "Antoni_Recovery.txt" was created on the desktop.

   
Qopz Ransomware

What kind of malware is Qopz?

Qopz, ransomware belonging to the Djvu family, was detected by our malware researchers while analyzing samples on VirusTotal. Qopz encrypts files, adds the ".qopz" extension to the original filenames, and leaves a ransom note called "_readme.txt".

For example, a file named "1.jpg" would be changed to "1.jpg.qopz", "2.png" to "2.png.qopz", and so forth. It should be noted that Djvu ransomware is often distributed alongside information stealers like RedLine and Vidar.

   
Qore Ransomware

What kind of malware is Qore?

Our team came across Qore ransomware during our analysis of malware samples submitted to VirusTotal. Qore is part of the Djvu ransomware family. It encrypts files and adds the ".qore" extension to their filenames. This ransomware also creates a "_readme.txt" file containing payment and contact information.

It is common for Djvu ransomware to be distributed with information stealers like RedLine or Vidar, which steal sensitive data from infected computers before the files are encrypted. An example of how Qore renames files: it changes "1.jpg" to "1.jpg.qore", "2.png" to "2.png.qore", and so on.

   
AuKill Malware

What kind of malware is AuKill?

AuKill is the name of malware designed to terminate security processes, thus preparing the compromised system for further infections.

This malicious software has been used in at least three attacks since January 2023. AuKill was used twice ahead of a Medusa Locker ransomware infection and once ahead of LockBit ransomware. However, AuKill could be used as part of an infection chain for various malicious programs.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
