Virus and Spyware Removal Guides, uninstall instructions

What is Motivational Quotes?

While inspecting suspicious sites, our researchers found one promoting a browser extension called Motivational Quotes. It is endorsed as a tool that displays famous entrepreneur quotes on the Google homepage. However, our inspection of this extension revealed that it operates as adware. In other words, Motivational Quotes runs intrusive advertisement campaigns and collects private data.

What kind of application is NoteTab - Save Your Thoughts?

While examining NoteTab - Save Your Thoughts, we found that it changes the settings of a web browser to promote find.unav-web.com, a fake search engine. Apps that behave like this are called browser hijackers. In most cases, browser hijackers are promoted and distributed using shady methods. We discovered NoteTab - Save Your Thoughts on a deceptive page.

What is AllocateType?

While inspecting new submissions to VirusTotal, our research team came upon an application named AllocateType. After analyzing it, we learned that it is an adware-type app belonging to the AdLoad malware family.

What kind of application is ManagerUpdater?

Recently, our team discovered an advertising-supported application called ManagerUpdater. We classified ManagerUpdater as adware because it generates unwanted advertisements. We also found that this app can read sensitive information. In most cases, users download and install adware inadvertently due to the methods used to promote and distribute it.

What is FBI ransomware?

FBI is the name of a ransomware-type program. Malware within this classification is designed to encrypt data and demand payment for the decryption.

After we executed a sample of this ransomware on our test machine, it encrypted files and appended their filenames with a ".fbi" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.fbi", "2.png" as "2.png.fbi", and so on for all of the compromised files.

Once this process was completed, FBI created ransom notes named "readme.txt", "LOCKEDBYFBI.hta", and "decryptfiles.html" which were all empty. Only the fullscreen displayed by this malware was operational and contained an actual message that was also audibly read out by a bot.

At the time of writing, FBI ransomware is decryptable - the decryption key is "fbi" (without the quotation marks).

What kind of malware is Pohj?

Pohj is ransomware that belongs to the Djvu family (one of the most widespread ransomware families). We discovered this ransomware while examining malware samples submitted to VirusTotal. Pohj encrypts data, appends the ".pohj" extension to filenames, and drops the "_readme.txt" file containing a ransom note.

An example of how Pohj renames the encrypted files: it changes "1.jpg" to "1.jpg.pohj", "2.png" to "2.png.pohj", "3.exe" to "3.exe.pohj", and so forth.

What kind of malware is Powz?

Powz is ransomware designed to prevent victims from opening their files by encrypting them. Our team discovered it while checking the VirusTotal page for recently submitted malware samples. We also found that Powz is part of the Djvu ransomware family, appends the ".powz" extension to filenames, and creates a ransom note (the "_readme.txt" file).

An example of how Powz ransomware renames encrypted files: it renames "1.jpg" to "1.jpg.powz", "2.png" to "2.png.powz", "3.exe" to "3.exe.powz", and so forth.

What kind of page is headcaptcha[.]live?

Our research discovered the headcaptcha[.]live page while checking out suspicious websites. This rogue webpage pushes browser notification spam and redirects visitors to different (likely deceptive/malicious) sites. Users typically enter headcaptcha[.]live and pages akin it - through redirects caused by websites that use rogue advertising networks.

What is Space Tab?

Our researchers discovered the Space Tab browser extension while inspecting deceptive websites. After analyzing this extension, we learned that it operates as a browser hijacker. Space Tab makes changes to browser settings in order to cause redirects to the find.gsearchwithus.com fake search engine.

What kind of scam is "Coordination Of Humanitarian Affairs"?

After analyzing this email, we concluded that the scammers behind it seek to trick recipients into calling the provided number. Their email is disguised as a letter (a short notice) from the United Nations Office for the Coordination of Humanitarian Affairs (OCHA) regarding financial assistance. This letter should be ignored.