Virus and Spyware Removal Guides, uninstall instructions

What is Bizzy Beaver?

Our research team discovered the Bizzy Beaver browser extension during a routine investigation of untrustworthy sites. It is endorsed as a productivity tool. However, our analysis uncovered that this extension modifies browsers to promote (thorough redirects) the search.bizzy-beaver.com fake search engine. Due to this behavior, Bizzy Beaver is categorized as a browser hijacker.

What is MetAI assistant?

While inspecting deceptive websites, our research team discovered a page promoting an installer containing the MetAI assistant browser extension. It is endorsed as a tool that allows users to employ "OpenAI" (likely the ChatGPT chatbot developed by OpenAI) on the Facebook social networking platform.

However, our analysis of this extension revealed that it operates as adware, i.e., it displays advertisements and collects sensitive information.

What is Qwik Search?

Our researchers discovered the Qwik Search browser extension while inspecting rogue websites. This software promises to improve the Web searching experience by allowing easy access to popular search engines. However, our analysis of Qwik Search revealed that it is a browser hijacker. This extension makes changes to browser settings in order to promote the search.qwik-search.com fake search engine.

What is ActivityCache?

While investigating new submissions to VirusTotal, our research team discovered the ActivityCache app. After inspecting this piece of software, we determined that it operates as adware. Additionally, we learned that this application is part of the AdLoad malware family.

What kind of email is "ACCOUNT SHUT-DOWN"?

Our inspection of the "ACCOUNT SHUT-DOWN" email revealed that it is spam. This letter states that the recipient's email account will be shut down per their request. This spam mail operates as a phishing scam and promotes a fake email sign-in page that records the passwords entered into it.

What kind of application is Never Forget Tab?

While inspecting the Never Forget Tab browser extension, we found that it is a browser hijacker designed to promote two fake search engines: find.eonenavigate.com and neverforgettab.com. This app promotes them by changing the web browser's settings. It is strongly recommended not to trust the Never Forget Tab app and fake search engines promoted through it.

What kind of application is Simple Ad Blocker?

While examining a deceptive website instructing visitors to update their Flash Player, our team came across a browser extension called Simple Ad Blocker. However, upon adding it, we discovered that it actually functions as adware. This app displays intrusive advertisements. Therefore, we advise against trusting Simple Ad Blocker.

What is kind of scam is "Email Storage Has Exceeded Its Limit"?

Upon examining this letter, we have determined that it is a fraudulent email composed by scammers with the intention of tricking recipients into divulging sensitive information. The email is disguised as a message from an email service provider and includes a hyperlink to a phishing website. It is advisable to disregard this scam email.

What kind of malware is SkullLocker?

While examining malware samples submitted to VirusTotal, we discovered a ransomware variant based on Chaos ransomware dubbed SkullLocker. This ransomware encrypts files, creates the "read_it.txt" file (a ransom note), and appends the ".skull" extension to filenames.

An example of how SkullLocker changes filenames: it renames "1.jpg" to "1.jpg.skull", "2.png" to "2.png.skull", and so forth.

What is Blacksnaketeam ransomware?

Blacksnaketeam is a ransomware-type program designed to encrypt data and demand payment for its decryption. When we executed a sample of Blacksnaketeam on our test machine, it began encrypting files.

The filenames of affected files were appended with a ".pay2unlock" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.pay2unlock", "2.png" as "2.png.pay2unlock", etc.

After the encryption process was completed, Blacksnaketeam changed the desktop wallpaper and created a ransom-demanding message named "UNLOCK_MY_FILES.txt".