Virus and Spyware Removal Guides, uninstall instructions

What kind of application is Images Switcher?

Our team found that the Images Switcher browser extension is an advertising-supported app after conducting a thorough examination. This extension displays intrusive advertisements. Our team discovered Images Switcher on a questionable website. Users often unknowingly download and install (or add) adware to their systems (or browsers).

What kind of malware is NEVADA?

NEVADA is the name of ransomware targeting Windows and Linux operating systems. It is written in the Rust programming language. NEVADA encrypts files, appends the ".NEVADA" extension to filenames, and drops its ransom note (the "readme.txt" file) in folders containing encrypted files.

An example of how NEVADA ransomware modifies filenames: it changes "1.jpg" to "1.jpg.NEVADA", "2.doc" to "2.doc.NEVADA", and so forth. Cybercriminals who have developed NEVADA are selling it using the RaaS (Ransomware as a service) model.

What kind of email is "Please Find Attached My CV"?

After inspecting this "Please Find Attached My CV" email, we determined that it is malspam. This spam letter is presented as a CV submission from a party interested in working for the recipient's company. The file attached to this email is designed to infect devices with the Agent Tesla malware.

What kind of page is noutzing[.]com?

While examining noutzing[.]com, our team discovered that this page displays a deceptive message. The purpose of noutzing[.]com is to trick visitors into permitting it to show notifications. Also, it may redirect to other shady websites. Users open sites like noutzing[.]com inadvertently.

What is Sunjn ransomware?

Sunjn is the name of a ransomware-type program that we discovered while inspecting new submissions to VirusTotal. This program is part of the VoidCrypt ransomware family.

After we executed a sample of Sunjn on our test machine, it encrypted files and altered their filenames. Original titles were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".sunjn" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.[MJ-ML6408927315](Sunjun3412@onionmail.org).sunjn" – following encryption.

Once the encryption process was concluded, a ransom-demanding message – "Decryption-guide.txt" – was created on the desktop.

What kind of malware is Anonymous?

While inspecting malware samples submitted to the VirusTotal page, we discovered a ransomware variant based on Chaos ransomware dubbed Anonymous. This variant encrypts data, appends its extension (four random characters) to filenames, changes the desktop wallpaper, and the "for dencrypt" file that contains a ransom note.

An example of how Anonymous ransomware modifies filenames: it renames "1.jpg" to "1.jpg.4h9n", "2.doc" to "2.doc.nh54", and so forth.

What kind of page is liffswithabr[.]com?

While researching suspicious websites, we discovered the liffswithabr[.]com rogue page. It operates by pushing browser notification spam and redirecting visitors to different (likely unreliable/harmful) sites. Most users access liffswithabr[.]com and similar pages through redirects caused by websites that use rogue advertising networks.

What is Dgnlwjw ransomware?

While inspecting new submissions to VirusTotal, our research team discovered yet another ransomware-type program from the Snatch family – called Dgnlwjw. Malware within this classification is designed to encrypt data for the purpose of making ransom demands for the decryption tools.

When we executed a sample of Dgnlwjw on our test machine, it encrypted files and appended their filenames with a ".dgnlwjw" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.dgnlwjw", "2.png" as "2.png.dgnlwjw", etc.

Once this process was concluded, a ransom-demanding message – "HOW TO RESTORE YOUR FILES.TXT" – was created.

What kind of application is Dark Theme For Chrome?

Our team has examined Dark Theme For Chrome browser extension and found that it shows intrusive ads and can read browsing-related data. Apps that display ads are classified as adware. Users often download such software o purpose. We discovered Dark Theme For Chrome on a deceptive page.

What is AccessUnit?

While investigating new submissions to VirusTotal, our research team discovered the AccessUnit app. This piece of rogue software operates as adware. Furthermore, we determined that this application is part of the AdLoad malware family.