Virus and Spyware Removal Guides, uninstall instructions

What is Cyber (Chaos) ransomware?

Cyber is the name of a malicious program based on the Chaos ransomware. Our researchers discovered this malware while inspecting new submissions to VirusTotal.

Once we executed a sample of Cyber (Chaos) ransomware on our test system, it began encrypting files and appended their filenames with a ".Cyber" extension. To elaborate, a file initially titled "1.jpg" appeared as "1.jpg.Cyber", "2.png" as "2.png.Cyber", etc. Afterwards, the desktop wallpaper was changed, and a ransom note named "read_it.txt" was created.

What kind of page is coolcaptchahere[.]top?

Our team found that coolcaptchahere[.]top displays a misleading message with the intention of tricking visitors into allowing it to display notifications. Additionally, this website may redirect users to other suspicious sites. It is important to note that users access sites like coolcaptchahere[.]top unintentionally.

What kind of malware is Craa?

Our team discovered Craa ransomware, a Djvu family member, while analyzing malware samples submitted to VirusTotal. When infecting a computer, Craa encrypts files and appends the ".craa" extension to their filenames. Additionally, it creates a ransom note in the form of a text file named "_readme.txt".

An example of how Craa renames files: it renames "1.jpg" to "1.jpg.craa", "2.png" to "2.png.craa", and so forth. It is likely that threat actors distribute Craa alongside information stealers like Vidar and RedLine.

What is Like (Dharma) ransomware?

While investigating new submissions to VirusTotal, our research team discovered a ransomware named Like that belongs to the Dharma family.

Once we executed a sample of Like (Dharma) ransomware on our test machine, it encrypted files and changed their filenames. The titles of affected files were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".like" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.id-9ECFA84E.[help@decrypt-files.info].like".

Afterwards, ransom-demanding messages were created/displayed in a pop-up window and a text file titled "FILES ENCRYPTED.txt".

What kind of malware is Jerd?

Jerd is ransomware designed to encrypt data, append the victim's ID, jerd@420blaze.it email address, and the ".j3rd" extension to filenames, and provide two ransom notes (display a pop-up window and create a text file named "info.txt"). Jerd belongs to the Dharma ransomware family. We discovered it while analyzing samples submitted to VirusTotal.

An example of how files encrypted by Jerd are renamed: "1.jpg" is renamed to "1.jpg.id-9ECFA84E.[jerd@420blaze.it].j3rd", "2.png" is renamed to "2.png.id-9ECFA84E.[jerd@420blaze.it].j3rd", and so forth.

What kind of malware is Nexus?

Nexus is the name of a banking trojan targeting Android Operating Systems (OSes). According to the research done by Cyble analysts, Nexus is the rebranded version of the S.O.V.A. banking trojan.

As the classification implies, this malware primarily targets banking and finance related information. However, Nexus has a variety of malicious functionalities and thus poses threats of an even broader scope.

What kind of malware is Qazx?

Qazx is ransomware from the Djvu family that encrypts files on the victim's computer and demands a ransom payment for decryption tools. We found Qazx while reviewing recently submitted malware samples on the VirusTotal site. It is important to note that Qazx may be distributed alongside other malware, such as RedLine or Vidar.

Additionally, Qazx adds the ".qazx" extension to the filename of each encrypted file. For instance, a file named "1.jpg" gets renamed to "1.jpg.qazx", "2.png" becomes "2.png.qazx", etc. Also, Qazx drops a ransom note in the form of a file called "_readme.txt".

What kind of malware is Qarj?

Our team identified Qarj as a type of ransomware that belongs to the Djvu ransomware family. Once it infects a system, it encrypts files and modifies their filenames by appending the ".qarj" extension. The ransom note, which provides instructions for contacting the attackers for file decryption, is stored in a file named "_readme.txt".

An example of how Qarj renames files: it changes "1.jpg" to "1.jpg.qarj", "2.png" to "2.png.qarj", and so forth. Our team discovered Qarj while inspecting malware samples submitted to VirusTotal. This ransomware may be distributed alongside information stealers such as Vidar or RedLine.

What kind of malware is Qapo?

During our analysis of malware samples submitted to VirusTotal, our research team came across a ransomware called Qapo. Qapo is a type of ransomware that belongs to the Djvu family and functions by encrypting the victim's files once it has infiltrated their computer. The original filename is modified by adding the extension ".qapo" to it.

For instance, "1.jpg" would be altered to "1.jpg.qapo," and "2.png" would be changed to "2.png.qapo," and so on. Additionally, Qapo generates a ransom note in the form of a text file named "_readme.txt". It is important to note that Qapo may be distributed alongside information stealers like RedLine and Vidar.

What is resultstec.com?

Our evaluation of resultstec.com has revealed that it is an untrustworthy search engine that could produce unreliable search results and display dubious ads. Such search engines, like resultstec.com, are often promoted through browser-hijacking applications that modify web browser settings to promote the search engine.