Virus and Spyware Removal Guides, uninstall instructions

What is MinlWon ransomware?

MinlWon is a ransomware that we discovered during a routine investigation of new submissions to VirusTotal. Malware of this kind is designed to encrypt data and demand ransoms for its decryption.

After we executed a sample of MinlWon on our test system, it encrypted files and appended their files with a ".IP" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.IP", "2.png" as "2.png.IP", and so on. Once the encryption process was finished, the ransomware created a ransom-demanding message titled "LeadMe.txt". Additionally, the desktop wallpaper was changed.

What is DigitalEntry?

During a routine inspection of new submissions to VirusTotal, our research team discovered the DigitalEntry application. After investigating this piece of software, we learned that it is adware from the AdLoad malware family. DigitalEntry operates by running intrusive advertisement campaigns, and this app may have other harmful abilities as well.

What kind of malware is TargetWare?

TargetWare is ransomware - malware that encrypts files to deny access. Additionally, TargetWare provides a ransom note (in the "decrypt_Last_Chance.html" file) and renames files. This ransomware replaces filenames with a string of random characters.

For instance, it replaces "1.jpg" with "3E90344E39CEAD5099A04AA01D134C83", "2.png" with "22F17A9B4F2FA2A60B9078A19F5F5A5B", and so forth.

What is Kafan ransomware?

Kafan is a ransomware-type program that our researchers discovered while investigating new submissions to VirusTotal. Malware within this class is designed to encrypt data and demand payment for its decryption.

After we executed a sample of Kafan on our test machine, it encrypted files and appended their filenames with a ".kafan" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.kafan", "2.png" as "2.png.kafan", etc. Once this process was completed, the ransomware dropped a ransom note – "help_you.txt" – onto the desktop.

What kind of page is worde[.]click?

Upon inspecting worde[.]click, we concluded that this page shows deceptive messages, downloads a file, and asks for permission to show notifications. Our team stumbled upon worde[.]click during examination of websites that use rogue advertising networks and display dubious advertisements. Users access sites like worde[.]click inadvertently.

What is DivisionType?

Our research team discovered the DivisionType application during a routine inspection of new submissions to VirusTotal. After analyzing this app, we determined that it is adware belonging to the AdLoad malware family. Meaning that DivisionType operates by running intrusive advertisement campaigns, i.e., displaying ads.

What kind of malware is Skynetlock?

While inspecting Skynetlock, our team discovered that it is one of the ransomware variants belonging to the MedusaLocker family. We found Skynetlock while checking the VirusTotal site for recently submitted malware samples. The purpose of Skynetlock is to encrypt files.

Additionally, Skynetlock adds its extension (".skynetlock") to filenames and creates the "How_to_back_files.html" file containing a ransom note. An example of how Skynetlock modifies filenames: it changes "1.jpg" to "1.jpg.skynetlock", "2.png" to "2.png.skynetlock", and so forth.

What kind of malware is Raspberry Robin?

Raspberry Robin is a highly sophisticated malware (worm) known for evading detection and employing unique tactics. In the past year, it has become one of the most widely distributed malware in use by various threat actors to distribute other malicious software, including Clop ransomware and IcedID.

What is Gold (Xorist) ransomware?

Our research team discovered the Gold ransomware-type program while investigating new malware submissions to VirusTotal. This malicious program is part of the Xorist ransomware family.

Once we launched a sample of Gold (Xorist) ransomware on our testing system, it began encrypting files and changing their filenames. Original titles were appended with a ".gold" extension, e.g., a file initially named "1.jpg" appeared as "1.jpg.gold", "2.png" as "2.png.gold", etc.

Afterward, identical ransom notes in Russian were created in a text file named "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" and a pop-up window. It is noteworthy that if the system does not have the Cyrillic alphabet, the message in the pop-up will appear as gibberish.

What kind of application is Yearn New Tab?

Our investigation revealed that Yearn New Tab is a browser extension designed to hijack a web browser by changing some of its settings. Also, Yearn New Tab can read various data. A big part of browser-hijacking apps is promoted and distributed using shady methods. Thus, users often download and add them unintentionally.