Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Iswr?

Iswr is the name of a Djvu ransomware variant. We discovered it while inspecting malware samples submitted to the VirusTotal page. Iswr encrypts the victim's files, appends its extension (".iswr") to the filenames of all encrypted files, and drops its ransom note (the "_readme.txt" file).

An example of how Iswr modifies filenames: it renames "1.jpg" to "1.jpg.iswr", "2.png" to "2.png.iswr", "3.exe" to "3.exe.iswr", and so forth. It is common for ransomware belonging to the Djvu family to be distributed alongside RedLine, Vidar, and other information stealers.

What kind of website is mywowspot[.]com?

We have analyzed mywowspot[.]com and learned that the purpose of this page is to trick visitors into agreeing to receive notifications from it. Additionally, mywowspot[.]com may redirect users to other untrustworthy websites. It is very uncommon for pages like mywowspot[.]com to be visited on purpose.

What kind of malware is CRYPT?

CRYPT crypto-malware based on CONTI ransomware. It encrypts files, appends the ".CRYPT" extension to filenames, and creates the "Readme_Instructions.html" file that contains a ransom note. An example of how CRYPT modifies filenames: it renames "1.jpg" to "1.jpg.CRYPT", "2.png" to "2.png.CRYPT", and so forth.

What kind of email is a fake letter from Standard Bank?

Our team has analyzed this email and found that it is written by scammers pretending to be representatives of Standard Bank. The purpose of this scam email is to trick recipients into entering personal information on the opened fake web page. Emails of this kind are called phishing emails. They should be marked as spam and deleted.

What kind of malware is Isza?

Isza is ransomware (one of the ransomware variants belonging to the Djvu family) that encrypts files, appends its extension to filenames, and drops a ransom note. Isza renames files by appending the ".isza" extension and creates the "_readme.txt" file to provide contact and payment information.

An example of how Isza modifies filenames: it renames "1.jpg" to "1.jpg.isza", "2.png" to "2.png.isza", and so forth. Cybercriminals behind Djvu ransomware often drop information stealers (e.g., RedLine or Vidar) before encrypting files.

What kind of malware is Isal?

Isal is ransomware that prevents victims from accessing their data by encrypting it. Our team discovered this ransomware while checking the VirusTotal page for recently submitted malware samples. Additionally, Isal appends the ".isal" extension to filenames and drops a ransom note (the "_readme.txt" file).

An example of how Isal ransomware renames encrypted files: it renames "1.jpg" to "1.jpg.isal", "2.png" to "2.png.isal", and so forth. We also found that Isal is one of the Djvu ransomware variants. It is common for these variants to be distributed alongside information stealers like RedLine and Vidar.

What kind of malware is SBU?

SBU is one of the ransomware variants belonging to the Dharma family. SBU encrypts data, appends its extension (".SBU") to filenames, creates the "info.txt" file, and displays a pop-up window. The text file and pop-up window contain ransom notes. An example of how SBU ransomware renames files: it changes "1.jpg" to "1.jpg.SBU", "2.png" to "2.png.SBU", and so forth.

What kind of page is marootrack[.]co?

Our team has inspected marootrack[.]co and found that it displays a deceptive message to trick visitors into agreeing to receive notifications from it. Also, marootrack[.]co redirects to various scam pages. Thus, it is highly advisable not to trust marootrack[.]co or allow it to show notifications.

What kind of application is Ads Tracker?

After adding the Ads Tracker extension to a web browser, we noticed that this application displays unwanted advertisements. Our team discovered Ads Tracker on a deceptive web page. Since this app shows ads, we classified it as adware. It is uncommon for advertising-supported apps to be added or installed on purpose.

What kind of page is toftheca[.]buzz?

While inspecting toftheca[.]buzz, we found that it wants to show notifications and displays deceptive content to trick visitors into allowing it to show those notifications. Also, toftheca[.]buzz redirects to other deceptive web pages. We discovered toftheca[.]buzz while examining pages that use shady advertising networks.