Virus and Spyware Removal Guides, uninstall instructions

What kind of page is protection-availability[.]xyz?

While checking out suspicious websites, our researchers discovered the protection-availability[.]xyz rogue page. It runs scams, promotes spam browser notifications, and redirects visitors to different (likely unreliable/hazardous) webpages. Sites like protection-availability[.]xyz are typically accessed through others that use rogue advertising networks.

What is NativeLightning?

Our researchers discovered NativeLightning during a routine inspection of new submissions to VirusTotal. After analyzing this application, we learned that it is advertising-supported software (adware) belonging to the AdLoad malware family.

What kind of page is stally[.]click?

Stally[.]click is a rogue webpage that our research team found while investigating questionable websites. It operates by running scams, promoting browser notification spam, and redirecting users to different (likely unreliable or malicious) sites.

Pages like stally[.]click are most commonly accessed through redirects caused by sites that use rogue advertising networks.

What is NullMixer?

NullMixer is a malicious program designed to cause chain infections and, as such, is classified as a dropper. This program has been observed infiltrating a wide variety of malware into infected devices, ranging from information-stealers to loaders. It is noteworthy that NullMixer is actively spread through "cracked" software download websites.

What kind of application is AbsoluteValue?

AbsoluteValue is an untrustworthy application we discovered while inspecting deceptive websites (e.g., websites instructing visitors to update the Adobe Flash Player). While analyzing AbsoluteValue, we found that it generates unwanted advertisements. Thus, it has been concluded that AbsoluteValue is adware (advertising-supported application).

What kind of page is defender-box[.]xyz?

While examining defender-box[.]xyz, we found that it is one of the many websites running the "McAfee - Your PC is infected with 5 viruses!" scam. This page displays deceptive content (fake virus warnings) to trick visitors into paying for legitimate antivirus software. Also, defender-box[.]xyz asks for permission to deliver notifications.

What is CreedNetwork?

CreedNetwork is a rogue application discovered by our research team during a routine investigation of new submissions to VirusTotal. We inspected this piece of software and determined that it operates as adware. It is noteworthy that CreedNetwork is part of the AdLoad malware family.

What kind of malware is Triada?

Triada is the name of a Trojan targeting Android users. Cybercriminals distribute this Trojan via a modified version of WhatsApp called FMWhatsapp (and possibly other apps). Once the app with Triada hidden in it is launched, the Trojan gathers various device information to set up a communication channel and drops additional payloads via a remote server.

What is Wizard ransomware?

Our research team discovered the Wizard malicious program during a routine inspection of new submissions to VirusTotal. It is classified as ransomware - a type of malware that encrypts data and makes ransom demands for the decryption tools.

After we executed a sample of Wizard ransomware on our testing system, it encrypted files and altered their titles. The original filenames were appended with a ".wizard" extension, e.g., a file named "1.jpg" appeared as "1.jpg.wizard", "2.png" as "2.png.wizard", etc.

Once the encryption process was completed, a ransom-demanding message - "decrypt_instructions.txt" - was created on the desktop.

What kind of malware is TeamDarkAnon?

TeamDarkAnon is ransomware designed to encrypt files, change the desktop wallpaper, drop a ransom note (the "read_it.txt") file, and append the ".anon" extension to filenames. Files encrypted by ransomware cannot be opened until they are decrypted. We discovered TeamDarkAnon while examining malware samples submitted to VirusTotal.

An example of how TeamDarkAnon modifies filenames: it renames "1.jpg" to "1.jpg.anon", "2.png" to "2.png.anon", "3.exe" to "3.exe.anon", and so forth.