Virus and Spyware Removal Guides, uninstall instructions

What kind of page is webprotectionsurveys[.]live?

Webprotectionsurveys[.]live is a rogue site that our researchers found while inspecting dubious webpages. It operates by running scams, promoting spam browser notifications, and redirecting visitors to other (likely untrustworthy/harmful) websites.

Users typically enter pages like webprotectionsurveys[.]live through redirects caused by websites that use rogue advertising networks.

What kind of scam is "New Order"?

While investigating this email, we found that it is a scam email. Scammers behind it aim to trick recipients into opening a phishing website and providing information on it. The email is disguised as an inquiry letter regarding some order. This email should be ignored, and its hyperlink should be left unopened.

What kind of application is Text to Google Maps?

Text to Google Maps is described as a tool allowing users to send the selected text to Google Maps (search for selected location/address in Google Maps). However, while testing this browser extension, we found that unwanted advertisements appear while it is added to a browser. Thus, we classified Text to Google Maps as adware.

What kind of malware is Tuow?

Tuow is a Djvu ransomware that encrypts files, appends its extension (".tuow") to filenames, and creates a text file ("_readme.txt") containing a ransom note. Victims cannot access/use encrypted files until they are decrypted. Our malware researchers discovered Tuow ransomware while inspecting malware samples submitted to VirusTotal.

An example of how Tuow ransomware modifies filenames: it renames "1.jpg" to "1.jpg.tuow", "2.png" to "2.png.tuow", "3.exe" to "3.exe.tuow", and so forth. It is important to mention that some threat actors distribute Djvu ransomware alongside information stealers (e.g., Vidar and RedLine).

What kind of page is flymylife[.]info?

While inspecting questionable sites, we discovered the flymylife[.]info rogue webpage. It is designed to promote browser notification spam and cause redirects to other (likely untrustworthy/harmful) websites. Users typically access pages like flymylife[.]info through redirects caused by websites that use rogue advertising networks.

What is Rugby Start?

Rugby Start is a rogue browser extension that our research team found during a routine investigation of untrustworthy websites. This piece of software is promoted as a quick-access tool for Rugby results and related news. After analyzing Rugby Start, we determined that it operates as a browser hijacker and promotes (by causing redirects to) the search.nstart.online fake search engine.

What is ESCANOR ransomware?

While investigating new submissions to VirusTotal, our researchers discovered the ESCANOR ransomware. It is designed to encrypt data and demand ransoms for the decryption.

When we executed a sample of this ransomware on our test machine, it began encrypting files and changed their filenames. To elaborate, the names were appended with a ".ESCANOR" extension, e.g., a file initially titled "1.jpg" appeared as "1.jpg.ESCANOR", "2.jpg" as "2.png.ESCANOR", etc.

Afterward this process was completed, ESCANOR ransomware dropped a ransom-demanding message - "HELP_DECRYPT_YOUR_FILES.txt" - onto the desktop.

What is "MicroStrategy Crypto Giveaway"?

While inspecting suspicious websites, we discovered the "MicroStrategy Crypto Giveaway" scam. It promises to double the amount of BTC (Bitcoin cryptocurrency) or ETH (Ethereum cryptocurrency) that participants contribute to the event. It must be emphasized that this giveaway is fake; not only will victims receive no return, but they will lose all the cryptocurrency that they transfer to this scam.

What kind of malware is The Wise Guys?

The Wise Guys is the name of a data wiper disguised as ransomware. It deletes all files (it does not encrypt them). Also, it generates three files ("readme.txt", "readme.hta", and "readme.html") containing identical ransom notes. Our team discovered The Wise Guys malware while checking the VirusTotal website for recently submitted malware samples.

What kind of application is border colors?

border colors is the name of a browser extension that supposedly puts border colors on layouts of websites. Our team discovered this app while inspecting various deceptive pages (it is promoted on several shady pages). During the examination, we found that border colors shows annoying advertisements. Thus, we classified border colors as adware.