Virus and Spyware Removal Guides, uninstall instructions

What is AXLocker ransomware?

AXLocker is a ransomware-type program. Malware of this type is designed to encrypt data (i.e., render files inaccessible) and demand payment for the decryption tools.

Typically, ransomware renames encrypted files - often by appending them with an additional extension. However, on our test machine AXLocker did not alter the filenames of the affected files. After the encryption was completed, this ransomware displayed a ransom note in a pop-up window.

Additionally, AXLocker targets Discord tokens, with which it can then acquire the log-in credentials of these accounts and other data associated with them. The stolen Discord account may then be used to carry out other malicious activity, such as impersonating the owner and asking their contacts for loans, proliferating malware, etc.

What is the "FIFTH THIRD BANK" scam email?

After examining this email, we concluded that it is a fake letter from Fifth Third Bank regarding suspicious account activity. Scammers behind this scam email aim to trick recipients into providing sensitive information on a deceptive website. This email should be ignored.

What kind of page is justpush[.]biz?

While inspecting spam emails, our researchers found one promoting the justpush[.]biz rogue website. This page pushes browser notification spam and redirects visitors to other (likely dubious/malicious) sites.

Aside from spam mail, websites like justpush[.]biz are often accessed via redirects caused by pages using rogue advertising networks, spam notifications, intrusive ads, or installed adware.

What is Search-Monster?

While inspecting rogue webpages, our research team found the Search-Monster browser extension. On our test machine, it modified browser settings to promote the searchmonster.net fake search engine. Therefore, Search-Monster is considered to be a browser hijacker.

What is ZeRy ransomware?

Our research team discovered the ZeRy ransomware-type program while inspecting new submissions to VirusTotal. ZeRy is part of the Xorist ransomware family.

On our testing system, this ransomware encrypted files and appended their filenames with a ".ZeRy" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.ZeRy", "2.png" as "2.png.ZeRy", etc.

Afterward, ZeRy displayed a pop-up window and created a text file titled "HOW TO DECRYPT FILES.txt", both of which contain identical ransom notes.

What kind of page is basicnetworkpc[.]com?

Basicnetworkpc[.]com is a rogue page that promotes online scams, pushes spam browser notifications, and redirects visitors to different (likely unreliable/hazardous) websites.

Our researchers discovered this page while inspecting sites that use rogue advertising networks. In fact, most users enter webpages like basicnetworkpc[.]com through redirects caused by websites using such networks.

What is Globe Earth?

Globe Earth is a rogue browser extension that our researchers discovered while looking through suspicious websites. The promotional material states that this extension displays Google Earth images on new browser windows and tabs. However, our analysis revealed that this piece of software operates as a browser hijacker.

What kind of page is yourcommonblog[.]com?

Our research team discovered the yourcommonblog[.]com rogue page while looking through dubious websites. It promotes browser notification spam and redirects visitors to different (likely untrustworthy/malicious) sites.

Most access webpages like yourcommonblog[.]com via redirects caused by sites using rogue advertising networks, spam notifications, intrusive ads, or installed adware.

What is PrimaryRotator?

Our research team found the PrimaryRotator app while investigating new submissions to VirusTotal. After inspecting this piece of software, we determined that it operates as adware and is part of the AdLoad malware family.

What kind of application is Watch Movies?

Watch Movies is promoted as a browser extension allowing users to easily search for movies. We tested this app and found that it displays unwanted advertisements. Software that shows annoying ads is called adware. It is uncommon for adware to be downloaded and installed (or added to browsers) on purpose.