Virus and Spyware Removal Guides, uninstall instructions

What is ZEUSSEC1337 ransomware?

ZEUSSEC1337 is a ransomware-type program that we discovered while inspecting new submissions to VirusTotal. This malicious program is part of the Chaos ransomware family.

On our testing system, ZEUSSEC1337 encrypted files and appended filenames with an extension consisting of four random characters. For example, a file titled "1.jpg" appeared as "1.jpg.qcj9", "2.png" as "2.png.7tml", and so on for all of the affected files.

Another variant of ZEUSSEC1337 ransomware appends ".zeussec1337" extension.

Once the encryption process was concluded, ZEUSSEC1337 changed the desktop wallpaper and created a text file named "Bacabangtxt". Both the wallpaper and text file contain ransom notes.

What is Trippy Circles?

While inspecting rogue websites, our researchers discovered one endorsing the Trippy Circles browser extension. It promises to display animations on new browser tabs. However, this software also operates as a browser hijacker. Trippy Circles alters browser settings to promote the trippycircles.net fake search engine. Additionally, this extension collects sensitive browsing-related data.

What kind of malware is Cypher?

Cypher is the name of a remote administration Trojan (RAT) targeting Android users. It allows threat actors to monitor and control infected devices (perform various actions on infected devices). Cypher's creators offer three subscription plans: $100 per month, $200 for three months, and $400 for a lifetime subscription.

What is AlphaExplorer?

While checking out new submissions to VirusTotal, our researchers discovered the AlphaExplorer rogue app. This piece of software operates as adware. Additionally, it is worth mentioning that AlphaExplorer is part of the AdLoad malware family.

What is alldefensepc[.]com ?

Our team examined alldefensepc[.]com and found that the purpose of this deceptive site is to trick visitors into purchasing legitimate antivirus software. Additionally, alldefensepc[.]com asks for permission to show notifications. We discovered alldefensepc[.]com while inspecting pages that use rogue advertising networks.

What is Eyedocx ransomware?

Our researchers discovered the Eyedocx ransomware-type program while inspecting new submissions to VirusTotal. Malware of this kind operates by encrypting data and demanding payment for the decryption keys/tools.

When we executed a sample of Eyedocx on our test system, it encrypted files and appended their filenames with a ".encrypted" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.encrypted", "2.png" as "2.png.encrypted", etc. Afterwards, a text file - "readme.infomation" - containing the ransom note was created.

What kind of application is 3D Tree?

While analyzing the 3D Tree application, we found that it is a browser extension designed to hijack a web browser. This app promotes a fake search engine (search.3dtree.net) by modifying the browser settings. Additionally, 3D Tree can read and change bookmarks and data on 3dtree.net. We discovered the 3D Tree browser hijacker on a deceptive web page.

What kind of email is "Board Approved Payroll"?

Our inspection of the "Board Approved Payroll" email revealed that it is spam operating as a phishing scam. It is presented as a notification regarding a shared document containing salary payments. The link to the fake file leads to a phishing site that requests users to provide their email account log-in credentials.

What kind of malware is D0ggerofficial?

D0ggerofficial is ransomware that encrypts files, appends the ".locked" extension to filenames, and displays a pop-up message containing a ransom note. Threat actors behind D0ggerofficial ransomware have one goal - to get paid for data decryption.

An example of how D0ggerofficial modifies filenames: it renames "1.jpg" to "1.jpg.locked", "2.png" to "2.png.locked", and so forth.

What kind of malware is Mnlywjzi?

Mnlywjzi is ransomware belonging to the Snatch family. Threat actors use Mnlywjzi to encrypt files and demand victims pay a ransom for their decryption. Also, Mnlywjzi renames files by appending the ".mnlywjzi" extension to filenames. It creates the "HOW TO RESTORE YOUR FILES.TXT" file that contains a ransom note.

An example of how Mnlywjzi renames files: it changes "1.jpg" to "1.jpg.mnlywjzi", "2.png" to "2.png.mnlywjzi", and so forth.