Virus and Spyware Removal Guides, uninstall instructions

What is Mamai ransomware?

Mamai is the name of a ransomware-type program. It is part of the MedusaLocker ransomware family. Once we executed a sample of Mamai on our test machine, it began encrypting files and appended their filenames with a ".mamai10" extension.

Original filename like "1.jpg" appeared as "1.jpg.mamai10", "2.png" as "2.png.mamai10", etc. It is pertinent to mention that the number in the extension may vary depending on the ransomware's variant.

After the encryption process was finished, this ransomware created a ransom-demanding message – "How_to_back_files.html" – and dropped it onto the desktop. Based on the note therein, it is evident that Mamai targets companies rather than home users.

What is Zxc ransomware?

While investigating new malware submissions to VirusTotal, our researchers discovered the Zxc ransomware-type program. This malicious program belongs to the VoidCrypt ransomware family.

After we executed a sample of Zxc on our test machine, it encrypted files and modified their filenames. Original titles were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".zxc" extension. For example, a file named "1.jpg" appeared as "1.jpg.(MJ-KO1579824036)(hionly@tutanota.com).zxc".

Once the encryption process was finished, this ransomware created identical ransom notes in a pop-up window ("Decryption-Guide.HTA") and text file ("Decryption-Guide.txt").

What kind of email is "Webmail Security Changes"?

"Webmail Security Changes" was revealed to be a spam email by our inspection. This letter is presented as a notification from the recipient's mail service provider regarding unauthorized changes to the email account. This phishing letter targets recipients' log-in credentials in order to steal their email accounts.

What is Infinity Search?

While investigating suspicious websites, our researchers discovered the Infinity Search browser extension. After installing this piece of software on our test machine, we learned that it operates as a browser hijacker. Infinity Search modifies browsers to promote the search.infinity-searches.com fake search engine.

What kind of malware is SYS01?

The purpose of SYS01 is to steal sensitive information, such as login credentials, cookies, and data related to Facebook ad and business accounts. Cybercriminals behind SYS01 have been observed targeting employees in government infrastructure, manufacturing companies, and various other industries.

What kind of scam is "Ads.financetrack(1).exe"?

While inspecting deceptive websites, our research team discovered the "Ads.financetrack(1).exe" technical support scam. It is pertinent to mention that many different types of tech scams use this fake error/malware name.

Schemes of this kind make false claims regarding system infections in order to trick victims into calling fake helplines. Typically, these scams then progress to scammers requesting remote access to users' devices.

What kind of application is Pdf download tool?

Upon inspection, our team has determined that the Pdf download tool browser extension exhibits intrusive ad behavior and has the capability to access browsing-related data. This type of software is classified as adware. It is often deliberately downloaded by users. Our investigation found that the Pdf download tool is promoted on a deceptive web page.

What kind of email is "SaphetyDoc"?

After inspecting this "SaphetyDoc" email, we determined that it is spam. This fake letter is presented as a notification regarding a sent electronic document.

Once the recipient attempts to access the file, they are redirected to a phishing website that mimics their email account sign-in page. Hence, by trusting this email, users can have their mail accounts stolen.

What kind of scam is "Scam Activities In African Nations"?

After analyzing this email, we have concluded that it is a phishing attempt disguised as a message regarding scam activities. The individuals (scammers) behind this scam are attempting to obtain personal information from the recipients. For this reason, we highly advise disregarding this letter.

What kind of malware is CCC USA?

CCC USA is ransomware that prevents victims from accessing their files by encrypting them. Also, CCC USA appends the ".cccusawasted" extension to filenames and provides a ransom note (creates "[filename]_info" files containing the same ransom note for each encrypted file).

An example of how CCC USA modifies filenames: it changes "1.jpg" to "1.jpg.cccusawasted", "2.png" to "2.png.cccusawasted", and so forth. Our malware researchers discovered CCC USA while examining samples submitted to VirusTotal.