Virus and Spyware Removal Guides, uninstall instructions

What is Masons ransomware?

While reviewing new malware submissions to VirusTotal, our researchers discovered the Masons ransomware-type program.

After we executed a sample of Masons on our testing system, it encrypted files and appended their filenames with a ".masons" extension. For example, a file named "1.jpg" appeared as "1.jpg.masons", "2.png" as "2.png.masons", and so on for all of the encrypted files.

Once this process was concluded, a ransom note – "six62ix.txt" – was created. Additionally, Masons changed the desktop wallpaper.

What is GoogleUpdate?

GoogleUpdate is a malicious program that we found after installing a rogue setup downloaded from a deceptive webpage. The installer was also bundled with adware. Therefore, if GoogleUpdate is present on the system – other unwanted or malicious content has likely infiltrated it as well.

What kind of page is smilerweek[.]com?

While inspecting dubious websites, our researchers discovered the smilerweek[.]com rogue webpage. It operates by pushing spam browser notifications and redirecting visitors to different (likely untrustworthy/malicious) sites.

Users typically enter smilerweek[.]com and similar webpages via redirects caused by pages that use rogue advertising networks.

What kind of malware is Script?

Script is ransomware used by cybercriminals to encrypt data and demand payment in exchange for a decryption tool. Our team found that Script is part of the Chaos ransomware family. In addition to encrypting files, Script appends the ".Script" extension to filenames, changes the desktop wallpaper and creates the "read_it.txt" file (a ransom note).

An example of how Script ransomware renames files: it changes "1.jpg" to "1.jpg.Script", "2.doc" to "2.doc.Script", and so forth. We discovered Script while inspecting samples submitted to VirusTotal.

What kind of malware is Erqw?

While checking the VirusTotal page for recently submitted malware samples, we discovered ransomware belonging to the Djvu family dubbed Erqw. This ransomware encrypts data and appends the ".erqw" extension to filenames. Also, it provides a ransom note (creates the "_readme.txt" file).

An example of how Erqw renames files: it renames "1.jpg" to "1.jpg.erqw", "2.doc" to "2.doc.erqw", and so forth. It is known that sometimes actors distribute Djvu ransomware alongside RedLine, Vidar, or other information-stealing malware.

What is PrintManager?

While checking out untrustworthy websites, our researchers discovered an installation setup bundled with the PrintManager malicious program. Additionally, this installer was packed together with adware. Therefore, if a PrintManager infection is detected – it is likely that other unwanted/malicious components have infiltrated the system.

What kind of website is news-mexobi[.]com?

We have analyzed the news-mexobi[.]com page and found that it uses a clickbait technique to trick visitors into permitting it to send notifications. Also, news-mexobi[.]com redirects to other deceptive websites. Thus, this site cannot be trusted.

What is "Ledger Data Damage Error: 0x0m3Ck8n"?

While inspecting rogue websites, our research team discovered the "Ledger Data Damage Error: 0x0m3Ck8n" phishing scam. It is disguised as the Ledger website and targets users' Ledger-based cryptocurrency wallets.

After investigating "Ledger Data Damage Error: 0x0m3Ck8n", we determined that this scam uses multiple domains, some of which closely resemble Ledger's official site's URL.

What kind of scam is "ShibaInu AirDrop pop-up scam"?

Our examination revealed this is a scam website targeting crypto wallet login information. Providing information on such pages results in financial loss and potential additional problems, so this scam page should be ignored. Our team discovered that scammers promote this scam via email (and possibly other channels).

What kind of website is mentseconom[.]xyz?

We have inspected mentseconom[.]xyz and found that the purpose of this web page is to lure visitors into agreeing to receive its notifications. In addition to displaying deceptive content, mentseconom[.]xyz redirects visitors to other untrustworthy websites. Thus, mentseconom[.]xyz should not be trusted.