Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Nifr?

While analyzing malware samples submitted to VirusTotal, our team came across Nifr ransomware, which belongs to the Djvu family. Upon infecting a computer, Nifr encrypts files and adds the ".nifr" extension to their filenames. For instance, a file originally named "1.jpg" would be renamed to "1.jpg.nifr", while "2.png" would become "2.png.nifr", etc.

Nifr also generates a ransom note in the form of a text file named "_readme.txt". It is probable that threat actors distribute Nifr together with information stealers such as Vidar and RedLine.

What kind of malware is Niwm?

The malware researchers in our team detected Niwm, a ransomware that falls under the Djvu family, during their analysis of samples that were submitted to VirusTotal. Ransomware is a malicious software that encrypts files, and in the case of Niwm, it appends ".niwm" extension to the original filenames and drops a ransom note, which is named "_readme.txt".

For instance, Niwm changes the name of "1.jpg" to "1.jpg.niwm" and "2.png" to "2.png.niwm", and so on. It is worth noting that Djvu ransomware is often disseminated alongside information stealers such as RedLine and Vidar.

What kind of application is Flash-Search?

After examining the Flash-Search browser extension, our team has determined that it operates as a browser hijacker. The primary aim of this program is to promote flash-search.xyz, a fake search engine. To accomplish this, Flash-Search alters the settings of the user's browser.

What kind of email is "Microsoft Defender Protection"?

Upon scrutinizing the letter, we have concluded that it is a fraudulent email that has been created by scammers with the intention of tricking recipients into contacting them. The email is disguised as a communication from Microsoft and includes a fake customer support number. We strongly advise recipients to disregard such emails.

What kind of application is GuideUnit?

Our examination of GuideUnit showed that it exhibits intrusive advertisements, which is why we classified it as adware. Additionally, GuideUnit may have the ability to access sensitive information. It is important to note that users rarely download and install adware on purpose.

What kind of application is Nature Wallpapers?

During our assessment of the Nature Wallpapers application, we determined that it acts as a browser hijacker by altering certain web browser settings to promote a fake search engine (search.landscape-wallpaper.com). We came across Nature Wallpapers on a suspicious webpage.

What kind of malware is Cylance?

Cylance is the name of malicious software that operates as ransomware. Its purpose is to encrypt files (to prevent victims from accessing their data). Additionally, Cylance appends the ".Cylance" extension to filenames and creates the "CYLANCE_README.txt" file (a ransom note).

Cylance targets Windows and Linux operating systems. An example of how Cylance modifies filenames: it renames "1.jpg" to "1.jpg.Cylance", "2.png" to "2.png.Cylance", and so forth. This ransomware shares the same name as Cylance enterprise cybersecurity, but the latter offers customers endpoint security services that are completely unrelated to the ransomware.

What kind of malware is Jycx?

During our analysis, we identified Jycx as ransomware that employs file encryption and modifies the file names by appending the ".jycx" extension. Furthermore, it generates a ransom note, the "_readme.txt" file. Our team came across Jycx while examining various malware samples submitted to the VirusTotal website.

An example of how Jycx modifies filenames: it changes "1.jpg" to "1.jpg.jycx", "2.png" to "2.png.jycx", and so forth. It is noteworthy that Jycx is a member of the Djvu ransomware family, which has been observed to be distributed by threat actors alongside RedLine, Vidar, and other information stealers.

What kind of malware is D7k?

D7k is ransomware designed to encrypt data on infected devices and append the ".D7k" extension to the filenames of all encrypted files. Additionally, D7k creates a text file named "note.txt". This file contains a ransom note. An example of how D7k renames files: it changes "1.jpg" to "1.jpg.D7k", "2.png" to "2.png.D7k", and so forth.

What kind of application is PhasePure?

During our testing of PhasePure, we observed that it displays intrusive ads, leading us to categorize it as adware. Moreover, PhasePure has the capability to access sensitive information. It is noteworthy that users seldom intentionally download and install adware.