Virus and Spyware Removal Guides, uninstall instructions

What kind of page is captchaforcaptcha[.]top?

Captchaforcaptcha[.]top is a rogue webpage that we discovered while checking out suspicious websites. At the time of research, this page had two appearance variants – both designed to promote spam browser notifications. Furthermore, captchaforcaptcha[.]top can redirect visitors to other (likely untrustworthy/harmful) sites.

Users typically enter webpages like captchaforcaptcha[.]top through redirects caused by sites that use rogue advertising networks.

What kind of application is ResultProtocol?

During our investigation of various deceptive web pages (e.g., those offering updates for supposedly outdated software), our team discovered a questionable application called ResultProtocol. Upon installation, ResultProtocol began displaying unwanted advertisements, leading us to classify this app as adware.

What is Alice ransomware?

Our researchers found the Alice ransomware while investigating new malware submissions to VirusTotal. Malicious programs within this classification operate by encrypting data and demanding payment for decryption.

After we executed a sample of Alice on our test machine, it encrypted files and appended their filenames with a ".alice" extension. To elaborate, a file originally titled "1.jpg" appeared as "1.jpg.alice", "2.png" as "2.png.alice", and so on for all of the compromised files.

Once the encryption process was completed, a text file named "How To Restore Your Files.txt" was created. This file contains the ransom-demanding message in Russian.

What kind of application is Files Downloader Expert?

Files Downloader Expert is an application that our team discovered on a suspicious website, though the app also has an official site. Upon testing the application, we discovered that it is a browser extension that displays intrusive advertisements. Due to this behavior, we have classified Files Downloader Expert as adware.

What kind of malware is M2RAT?

M2RAT is a backdoor malware that operates as a remote access trojan (RAT), performing functions such as keylogging, data theft, command execution, and taking screenshots. The malware uses shared memory sections for commands and data exfiltration, leaving few traces on the infected device.

What kind of malware is goatRat?

goatRat is the name of a remote access trojan (RAT) - a malicious app that allows attackers to take control of an Android device. Malware of this type can provide attackers with access to sensitive information like messages, call logs, and photos, as well as the ability to execute commands, take screenshots, record audio, and video, etc.

What kind of page is softlifeinfo[.]com?

Our researchers discovered the softlifeinfo[.]com rogue webpage during a routine inspection of dubious sites. This page promotes untrustworthy/harmful software and browser notification spam. Additionally, it can redirect visitors to different (likely unreliable/hazardous) websites.

Users typically access pages like softlifeinfo[.]com through redirects caused by sites that employ rogue advertising networks.

What is Zteqqd ransomware?

Zteqqd is a ransomware-type program that our researchers discovered while inspecting new submissions to VirusTotal. On our testing machine, this ransomware encrypted files and altered their filenames.

The titles of affected files were appended with a unique ID assigned to the victim and a ".zteqqd" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.[ID-9ECFA84E].zteqqd", and so forth. After the encryption process was completed, this ransomware dropped a ransom note – "RESTORE_FILES_INFO.txt" – onto the desktop.

What is SharedFormat?

While inspecting new submissions to VirusTotal, our research team discovered the SharedFormat application. After examining this piece of software, we determined that it is adware belonging to the AdLoad malware family. This app is designed to display advertisements, and it may have additional harmful functionalities.

What kind of page is foylosd[.]xyz?

Our team has examined securityguardplus[.]site and found that this page uses deceptive marketing to promote legitimate antivirus software. It shows deceptive messages to trick visitors into believing that their computers might be infected. We determined that securityguardplus[.]site runs the "You've visited illegal infected website" scam.