Virus and Spyware Removal Guides, uninstall instructions

Info Adware

What kind of application is Info?

While checking out rogue websites, our research team found an installation setup containing an adware-type application named Info. It is pertinent to mention that said installer was also bundled with the eLiteSort malware.

   
Nowcaptchahere.top Ads

What kind of page is nowcaptchahere[.]top?

Our team has concluded that nowcaptchahere[.]top is an unreliable website that shows a deceptive message to trick visitors into consenting to receive notifications. It is common for individuals to access websites like nowcaptchahere[.]top accidentally. We found nowcaptchahere[.]top while examining other dubious pages.

   
Coaq Ransomware

What kind of malware is Coaq?

During our examination of malware samples submitted to VirusTotal, we came across a variation of Djvu ransomware known as Coaq. This version encrypts files and adds the ".coaq" extension to their names. Moreover, Coaq also creates a ransom note file named "_readme.txt".

Since Coaq is associated with Djvu ransomware, it could be disseminated with other malware like RedLine, Vidar, or other types of data-stealing malware. An example of how Coaq alters file names: "1.jpg" becomes "1.jpg.coaq", "2.png" becomes "2.png.coaq", and so on.

   
Cosw Ransomware

What kind of malware is Cosw?

Our investigation of malware samples uploaded to VirusTotal has uncovered a new version of the Djvu ransomware dubbed Cosw. Its primary aim is to encrypt files on the infected computer and rename them by appending the ".cosw" extension. Cosw also creates a file named "_readme.txt", which contains instructions on how to pay a ransom to obtain a decryption tool.

It is worth noting that Cosw may be distributed alongside information stealers such as RedLine or Vidar. As an example of how Cosw renames files: it changes "1.jpg" to "1.jpg.cosw", "2.png" to "2.png.cosw", and so on.

   
Carver Ransomware

What is Carver ransomware?

While inspecting new submissions to VirusTotal, our researchers discovered Carver – a malicious program belonging to the Phobos ransomware family. Malware within this category is designed to encrypt data and demand ransoms for its decryption.

After we executed a sample of Carver on our test machine, it encrypted files and altered their filenames. To elaborate, original filenames were appended with a unique ID, the cyber criminals' email address, and a ".Carver" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.id[9ECFA84E-3455].[ineedatool@rape.lol].Carver".

Once the encryption was finished, Carver ransomware created two ransom notes: "info.hta" (pop-up window) and "info.txt".

   
ImBetter Stealer

What kind of malware is ImBetter?

ImBetter is the name of an information-stealing malware. Stealers can extract a wide variety of sensitive information from systems and installed applications. ImBetter has been actively spread via malicious websites disguised as ones relating to cryptocurrency and those offering online file format conversion services.

   
CD Collection Malware

What is CD Collection?

While investigating rogue websites, our research team discovered an installer bundled with the CD Collection malicious program. If CD Collection is detected on the system, it is highly likely that adware and/or other unwanted/malicious content has infiltrated it as well.

   
Messages Not Delivered Due To Server Interruptions Email Scam

What kind of email is "Messages Not Delivered Due To Server Interruptions"?

Our inspection of the "Messages Not Delivered Due To Server Interruptions" email revealed that it is spam. This phishing letter aims to trick recipients into disclosing their email account credentials by making false claims regarding undelivered messages.

   
Browsing-shield.xyz Redirect

What is browsing-shield.xyz?

While inspecting browser-hijacking software, our research team discovered the browsing-shield.xyz fake search engine. These websites cannot generate search results, so they redirect to legitimate search engines.

Sites like browsing-shield.xyz are typically promoted (through redirects) by browser hijackers. Additionally, these websites and the software endorsing them usually have the ability to collect sensitive information.

   
Skynetwork Ransomware

What is Skynetwork ransomware?

Our researchers discovered the Skynetwork ransomware-type program while investigating new submissions to VirusTotal. This program is part of the MedusaLocker ransomware family, and it is designed to encrypt data and demand ransom for its decryption.

Once we launched a sample of Skynetwork on our test system, it encrypted files and appended their titles with a ".skynetwork8" extension. For example, a filename like "1.jpg" appeared as "1.jpg.skynetwork8", "2.png" as "2.png.skynetwork8", and so forth.

Afterwards, a ransom-demanding message named "How_to_back_files.html" was dropped onto the desktop. Based on the note therein, we can conclude that this ransomware targets companies rather than home users.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
