Virus and Spyware Removal Guides, uninstall instructions

What kind of application is PowerAnalytics?

While analyzing various untrustworthy pages, our team discovered an advertising-supported application called PowerAnalytics. The purpose of PowerAnalytics is to display annoying (and untrustworthy) advertisements. It is highly advisable not to have any adware installed on a computer.

What kind of page is finishupworld[.]com?

While inspecting suspicious websites, our researchers discovered the finishupworld[.]com rogue page. It promotes browser notification spam and redirects visitors to other (likely untrustworthy/harmful) sites. Most users access webpages like finishupworld[.]com via redirects caused by sites that use rogue advertising networks.

What is OperativeService?

Our research team found the OperativeService rogue app while inspecting new submissions to VirusTotal. By analyzing this piece of software, we determined that it is adware belonging to the AdLoad malware family.

What is WARLOCK DARK ARMY ransomware?

Our researchers discovered the WARLOCK DARK ARMY malicious program, which is based on the Chaos ransomware, while inspecting new submissions to VirusTotal.

After we executed a sample of this ransomware on our testing system, it began encrypting files and changed their names.

Original filenames were appended a ".f**kcrypt" extension; note that the extension is censored in this article - the asterisks stand for the letters "u" and "c". For example, a file originally titled "1.jpg" appeared as "1.jpg.f**kcrypt", "2.png" as "2.png.f**kcrypt", etc.

After the encryption process was finished, WARLOCK DARK ARMY dropped a ransom-demanding message named "read_it.txt" onto the desktop.

What kind of website is news-fiyimo[.]com?

While inspecting news-fiyimo[.]com, we found that it displays deceptive content to lure visitors into allowing it to deliver notifications. Also, it redirects to a similar website. Our team discovered news-fiyimo[.]com while examining untrustworthy ads and pages that use rogue advertising networks.

What kind of page is regadspro[.]com?

Regadspro[.]com is a rogue website that our research team discovered while checking out suspicious sites. This page operates by promoting browser notification spam and redirecting visitors to other (likely untrustworthy/malicious) webpages.

Most users access sites like regadspro[.]com via redirects caused by pages that employ rogue advertising networks. Additionally, these webpages are promoted by spam notifications, intrusive ads, and adware.

What is Eking (VoidCrypt) ransomware?

Our researchers discovered the Eking ransomware-type program while inspecting new submissions to VirusTotal. This malicious program belongs to the VoidCrypt ransomware family.

After we executed a sample of Eking (VoidCrypt) ransomware on our test machine, it began encrypting files and altered their filenames. Original titles were appended with a unique ID, cyber criminals' email address, and a ".eking" extension. For example, a file named "1.jpg" appeared as "1.jpg.[MJ-QW7243915806](ekingm2023@outlook.com).eking".

Once the encryption process was completed, a ransom-demanding message - "INFO.txt" - was dropped onto the desktop.

What kind of malware is Nury?

Nury is the name of Djvu ransomware variant that our malware researchers discovered while checking the VirusTotal website for recently submitted samples. We found that Nury ransomware encrypts files and modifies filenames by appending ".nury" as their new extension. Also, it creates a text file ("_readme.txt") that contains a ransom note.

An example of how Nury ransomware renames files: it renames "1.jpg" to "1.jpg.nury", "2.png" to "2.png.nury", and so forth. An important detail about Djvu ransomware is that threat actors often distribute it alongside information stealers like RedLine and Vidar.

What kind of malware is Nuis?

Nuis is the name of a Djvu ransomware variant that encrypts files to make them inaccessible. Like any other ransomware, Nuis is used to extort money from victims. In addition to encrypting files, Nuis appends the ".nuis" extension to filenames and generates a text file named "_readme.txt" that contains a ransom note.

An example of how Nuis modifies filenames: it renames "1.jpg" to "1.jpg.nuis", "2.png" to "2.png.nuis", "3.exe" to "3.exe.nuis", and so forth. Our team discovered this Djvu ransomware while inspecting malware samples submitted to VirusTotal.

It is known that Djvu ransomware is often distributed alongside information stealers (e.g., Vidar, RedLine). In these cases, threat actors steal sensitive information before encrypting files.

What kind of page is nadsfit[.]com?

We examined nadsfit[.]com and learned that it displays deceptive content to trick visitors into granting it permission to show notifications. It uses a clickbait technique as a lure. Also, nadsfit[.]com redirects visitors to other pages of this type. Thus, it is highly advisable not to trust nadsfit[.]com.