Virus and Spyware Removal Guides, uninstall instructions

What kind of page is globaladvdomservices[.]com?

Our researchers discovered the globaladvdomservices[.]com rogue page while investigating dubious websites. It operates by promoting spam browser notifications, at the time of research, through the use of fake CAPTCHA verification. Additionally, this webpage can redirect visitors to other (likely unreliable/malicious) sites.

Most users access pages like globaladvdomservices[.]com via redirects caused by websites that use rogue advertising networks.

What is InstantFresh?

Our research team discovered the InstantFresh app while investigating new submissions to VirusTotal. Our inspection of this application revealed that it is advertising-supported software (adware) belonging to the AdLoad malware family. InstantFresh runs intrusive advertisement campaigns and may have additional harmful abilities.

What is GOGO ransomware?

GOGO is a ransomware-type program we discovered while checking out new submissions to VirusTotal. It belongs to the VoidCrypt ransomware family.

We executed a sample of GOGO ransomware on our testing system, and we learned that it encrypts files and appends their filenames with a unique ID assigned to the victim, the cyber criminals' email address, and a ".GOGO" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.(CW-IB5967382104)(gotocompute@tutanota.com).GOGO" following encryption.

Afterward, a ransom-demanding message titled "unlock-info.txt" was dropped onto the desktop.

What kind of page is wholenicefeed[.]com?

Our researchers discovered the wholenicefeed[.]com rogue page while inspecting suspicious websites. It operates by promoting spam browser notifications and redirecting visitors to other (likely dubious/malicious) sites. Users typically access webpages like wholenicefeed[.]com via redirects caused by websites using rogue advertising networks.

What is Covid29 ransomware?

While checking out new submissions to VirusTotal, our researchers found the Covid29 ransomware-type program. Malware within this category aims to extract payment (ransoms) from victims – typically for the decryption of encrypted files. However, Covid29 does not operate in this manner.

Several minutes after we executed a sample of Covid29 on our testing machine, it shut down the system. Instead of encrypting files, this ransomware deleted them. Before the system shutdown, Covid29 displayed a screen-locking message and opened a text file titled "covid29-is-here.txt" that contained a misleading ransom note.

What kind of website is youngmedias[.]biz?

Youngmedias[.]biz is one of the websites that display deceptive messages to lure visitors into agreeing to receive notifications from them. Usually, users open such pages inadvertently. We discovered youngmedias[.]biz while inspecting sites that use shady advertising networks.

What kind of application is App?

Our team has tested the App browser extension and found that it functions as a browser hijacker. The purpose of this extension is to promote various fake search engines. Also, the App extension adds the "Managed by your organization" feature to Chrome browsers. We discovered it on a deceptive web page.

What kind of page is webvenadvdesign[.]com?

Our researchers discovered the webvenadvdesign[.]com rogue page while investigating suspicious websites. It is designed to push browser notification spam and redirect users to other (likely unreliable/malicious) sites.

Most visitors access webvenadvdesign[.]com and similar webpages via redirects caused by sites using rogue advertising networks.

What kind of page is prizesleads[.]com?

Prizesleads[.]com is a rogue webpage that we discovered during a routine inspection of suspect websites. It is designed to promote deceptive content and spam browser notifications. Furthermore, this site can redirect users to different (likely unreliable/dangerous) pages.

Most visitors to prizesleads[.]com and websites akin to it – access them through redirects caused by pages that use rogue advertising networks.

What kind of page is yourvenadvllc[.]com?

We have analyzed yourvenadvllc[.]com and learned that it shows a deceptive message to trick visitors into agreeing to receive notifications from it. Also, yourvenadvllc[.]com redirects to various scam websites. Users do not visit sites like yourvenadvllc[.]com intentionally.