Virus and Spyware Removal Guides, uninstall instructions

What is Ssaw ransomware?

Our researchers discovered the Ssaw ransomware during a routine inspection of new submissions to VirusTotal. Ransomware is designed to encrypt data and demand payment for its decryption.

After we launched a sample of Ssaw on our test machine, it encrypted files and appended their filenames with a ".ssaw" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.ssaw", "2.png" as "2.png.ssaw", etc. Once this process was finished, the ransomware changed the desktop wallpaper and created a file titled "как расшифровать файлы.txt". Both the wallpaper and text file contained identical ransom notes in Russian.

It is pertinent to mention that the wallpaper depicted the doll used by the Jigsaw Killer in the Saw movie franchise, and the ransom notes contained a play on a famous quote from this franchise – "I want to play a game". It must be stressed that the Ssaw ransomware is not associated with these films or any other related individuals or entities.

What kind of application is AssistiveBalance?

During our testing of the AssistiveBalance application, our team identified that it displays aggressive and unwanted advertisements. Due to this behavior, we have classified AssistiveBalance as adware, which refers to software that is designed to generate revenue by displaying advertisements. Typically, users install adware without realizing it.

What kind of malware is Qotr?

Qotr, a variant belonging to the Djvu ransomware family, encrypts data and adds the ".qotr" extension to filenames. Qotr creates a "_readme.txt" file to provide contact and payment information. As an illustration of its file renaming method, Qotr changes "1.jpg" to "1.jpg.qotr", "2.png" to "2.png.qotr", and so forth.

Typically, Djvu ransomware is distributed alongside information stealers like RedLine or Vidar. Cybercriminals first steal sensitive data from compromised systems before proceeding to encrypt files. Our team found Qotr ransomware while examining malware samples submitted to VirusTotal.

What is Quick Video Find?

Our research team discovered the Quick Video Find browser extension during a routine investigation of untrustworthy websites. Quick Video Find promises the functionality of providing easy access to free downloads of audio/video from browsed websites. However, after inspecting this extension, we determined that it operates as advertising-supported software (adware).

What is Hockey Start?

While investigating suspicious websites, our researchers found one endorsing the Hockey Start browser extension. It is presented as a tool for quick access to hockey sports related online content.

However, after we analyzed this extension, we determined that it changes browser settings to promote the search.nstart.online fake search engine. Due to this behavior, Hockey Start is classified as a browser hijacker.

What kind of application is "Music"?

Our research team discovered the Music application while inspecting suspicious websites. After investigating this app, we determined that it is advertising-supported software (adware). In other words, Music operates by running intrusive advertisement campaigns.

What is finder-search.com?

Finder-search.com is the address of a fake search engine. Websites of this type usually cannot provide search results, and while finder-search.com can – they are likely to include unrelated and deceptive content. Illegitimate search engines are commonly promoted (through redirects) by browser hijackers. Additionally, these sites and software typically collect sensitive user data.

What is Atlantida?

Atlantida is the name of a stealer. Malware within this classification is designed to extract sensitive information from systems and applications installed on them. The Atlantida stealer has been observed being actively spread through suspicious freeware and "cracked" software websites.

What kind of malware is Qowd?

Qowd is ransomware that encrypts files on a victim's computer and demands a ransom payment in exchange for decryption tools. Our team discovered Qowd while checking the VirusTotal site for recently submitted malware samples. Qowd is a variant of the Djvu ransomware family. It may be distributed alongside other malware, such as RedLine or Vidar.

When Qowd infects a computer, it appends the ".qowd" extension to the filename of each encrypted file and drops a ransom note in the form of a file called "_readme.txt". For example, a file named "1.jpg" would be renamed to "1.jpg.qowd", "2.png" to "2.png.qowd", and so forth.

What kind of malware is Qoqa?

Qoqa is a type of ransomware that belongs to the Djvu family. Our research team discovered it while examining malware samples submitted to VirusTotal. Once it infects a computer, it encrypts the victim's files and renames them by appending the ".qoqa" extension to the end of the original filename.

For example, "1.jpg" would be renamed to "1.jpg.qoqa", "2.png" to "2.png.qoqa", etc. Additionally, Qoqa creates a ransom note, which is a text file named "_readme.txt". There is a chance that Qoqa is distributed alongside an information stealer such as RedLine or Vidar.