Virus and Spyware Removal Guides, uninstall instructions

What kind of application is Ad-free | best ad blocker?

Ad-free | best ad blocker is the name of a browser extension that supposedly blocks online advertisements. Ironically, this app generates advertisements. Thus, we classified Ad-free | best ad blocker as adware. Our team discovered this app on a deceptive page that recommended adding it to a browser.

What is HyperBro?

HyperBro is the name of a Remote Access Trojan (RAT). This type of malware is designed to allow remote access/control over infected machines. RATs are typically highly functional pieces of malicious software capable of causing all sorts of severe issues.

It is noteworthy that HyperBro has been used in an attack against the United States Defense Industrial Base (DIB) sector.

What kind of malware is CovalentStealer?

CovalentStealer is an info-stealing malware that identifies file shares on a system, categorizes the files, and then exfiltrates (uploads) them to a remote server controlled by threat actors. CovalentStealer stores gathered files on OneDrive. It is known that it was used as a payload when targeting a US defense organization.

What is "Your Device Apple iPhone Has Been Hacked"?

"Your Device Apple iPhone Has Been Hacked" is a scam that our researchers discovered while inspecting dubious websites. As the name implies, it claims that the visitor's iPhone has been infected and hacked.

It must be emphasized that no site can detect such (or other) issues on users' devices - therefore, any that make such claims are scams. Additionally, it has to be stressed that this deceptive content is in no way associated with the actual Apple Inc. despite being presented as an alert from "AppleCare Plus/ Protection System".

What kind of application is Cool baro?

Cool baro is a browser extension designed to promote barosearch.com by hijacking a web browser. Barosearch.com is a fake search engine that does not generate its own results. Typically, users download and add browser hijackers to browsers (or install them on computers) inadvertently.

What kind of page is webregadvertising[.]com?

The purpose of webregadvertising[.]com is to trick visitors into allowing it to show notifications. Additionally, it redirects them to other websites. Our team encountered webregadvertising[.]com while examining other websites that use rogue advertising networks. It is uncommon for pages like webregadvertising[.]com to be visited intentionally.

What is Tohj ransomware?

Our researchers discovered yet another malicious program - Tohj - belonging to the Djvu ransomware family while inspecting new submissions to VirusTotal. Ransomware encrypts data and demands payment for decryption.

Once we executed a sample of Tohj on our test system, it began encrypting files. The filenames of the affected files were appended with a ".tohj" extension, e.g., a file originally titled "1.jpg" appeared as "1.jpg.tohj", "2.png" as "2.png.tohj", etc. Afterwards, a ransom note named "_readme.txt" was created.

What kind of website is oneqanatclub[.]com?

While analyzing oneqanatclub[.]com, we learned that it requests visitors to pass a fake CAPTCHA (it shows deceptive content to lure visitors into agreeing to receive notifications). It also redirects visitors to other websites of this type. Our team discovered oneqanatclub[.]com while inspecting websites that use rogue advertising networks.

What kind of malware is Towz?

Our team discovered another Djvu ransomware called Towz that encrypts files to make them inaccessible until a ransom is paid. We also found that Towz appends the ".towz" extension to filenames and creates the "_readme.txt" file (a file containing contact and payment information). This ransomware was discovered while inspecting malware samples submitted to VirusTotal.

An example of how Towz modifies filenames: it renames "1.jpg" to "1.jpg.towz", "2.png" to "2.png.towz", "3.exe" to "3.exe.towz", and so forth.

What kind of software is InformationLeader?

InformationLeader is an advertising-supported application (adware) that bombards users with annoying advertisements. We discovered this app after using a fake installer downloaded from a website claiming that it is required to update the Adobe Flash Player. It is not uncommon for apps like InformationLeader to be promoted and distributed using deceptive methods.