Step-by-Step Malware Removal Instructions

Developer Ransomware
Ransomware

Developer Ransomware

Developer is ransomware that our researchers identified during a routine review of new malware submissions to VirusTotal. It encrypts files on the victim's computer and demands a ransom payment in exchange for the decryption key. The attackers also claim to steal sensitive data and threaten to pub

Unicorn Fart Dust ($UFD) Allocation Scam
Phishing/Scam

Unicorn Fart Dust ($UFD) Allocation Scam

During our investigation of dubious websites, we discovered ufdlabs[.]com, a fraudulent page impersonating the real Unicorn Fart Dust project. The site falsely claims that a $UFD token allocation event is live, prompting visitors to connect their cryptocurrency wallets. In reality, ufdlabs[.]com i

Get Maps & Driving Directions Browser Hijacker
Browser Hijacker

Get Maps & Driving Directions Browser Hijacker

Our researchers inspected Get Maps & Driving Directions and found it to be a browser hijacker. Once added to a browser, it changes settings to promote bestfreemaps.com - a fake search engine that redirects users through a chain of pages they did not choose to visit. This extension poses a pri

Freshy Search Browser Hijacker
Browser Hijacker

Freshy Search Browser Hijacker

Our research team discovered Freshy Search while reviewing newly submitted browser extensions. It falls under the browser hijacker classification. Once added to a browser, it changes certain settings to promote freshy.com, a questionable search engine that generates its own results. Like most sof

Newspulsenow.net Redirect
Browser Hijacker

Newspulsenow.net Redirect

Newspulsenow.net is a fake search engine promoted by browser hijackers. Our team analyzed this website and found that it is distributed through browser-hijacking software that modifies browser settings to force users to visit it. Newspulsenow.net cannot generate its own search results and instead

KalinkaCrypt Ransomware
Ransomware

KalinkaCrypt Ransomware

KalinkaCrypt is ransomware that we investigated after it was uploaded to VirusTotal. Once it infects a system, it encrypts files, appends a distinct extension to their names, and drops a ransom note demanding payment for decryption. On our test machine, this ransomware encrypted files and appende

Mail Server Administration Scam
Phishing/Scam

Mail Server Administration Scam

We have examined this email and determined that it is a phishing scam. The message is disguised as an important notice from a mail server administration team, urging recipients to take action on their account. Its actual purpose is to steal email login credentials through a fake webmail login page

Doommageddon Ransomware
Ransomware

Doommageddon Ransomware

Doommageddon is ransomware that our researchers discovered while inspecting new submissions to VirusTotal. Besides encrypting files, this group also runs a dedicated data leak site on the Tor network, where stolen files are threatened to be published if the ransom is not paid. Once it infects a de

SquadLocker Ransomware
Ransomware

SquadLocker Ransomware

SquadLocker is ransomware first identified by researchers at IQBlack. We investigated this threat and confirmed it encrypts victims' files, appends the .SquadLocker extension to their names, and drops a ransom note. It also changes the desktop wallpaper. On our test machine, a file named "1.jpg"

Windows Security Certificate Expired/Invalid POP-UP Scam
Phishing/Scam

Windows Security Certificate Expired/Invalid POP-UP Scam

This page displays a fake Windows Security warning claiming that the system's digital certificate has expired. It does not fix anything - clicking through downloads a file that installs malware. Neither Microsoft nor Windows is affiliated with this scheme in any way. This page is a malware