Virus and Spyware Removal Guides, uninstall instructions

What is Arazite ransomware?

Arazite is a piece of malicious software categorized as ransomware. This type of malware is designed to encrypt data and demand payment for decryption.

After we executed a sample of Arazite on our test system, it began encrypting files and appended their filenames with the ".arazite" extension. For example, a file titled "1.jpg" appeared as "1.jpg.arazite", "2.png" as "2.png.arazite", etc. Once this process was completed, a ransom note was created/displayed in a pop-up window ("info.hta").

What kind of application is Free Game Loop?

After testing the Free Game Loop browser extension, we found that it is an advertising-supported application. This app generates revenue for its developer by displaying unwanted advertisements to users. Our team discovered Free Game Loop on a website offering to play the best card games online.

What kind of page is allprotectpc[.]com?

Our research team discovered the allprotectpc[.]com rogue page during a routine investigation of untrustworthy websites. It promotes scams, pushes browser notification spam, and redirects visitors to other (likely unreliable/malicious) sites.

Users typically enter allprotectpc[.]com and similar webpages via redirects caused by pages that use rogue advertising networks.

What kind of malware is Wanqu?

Wanqu is the name of ransomware that encrypts and renames files (by appending the ".Wanqu" extension) and drops "RESTORE_FILES_INFO.txt" and "RESTORE_FILES_INFO.hta" files (ransom notes) on the desktop. Our team discovered Wanqu while inspecting malware samples submitted to the VirusTotal website.

An example of how Wanqu modifies filenames: it renames "1.jpg" to "1.jpg.Wanqu", "2.png" to "2.png.Wanqu", and so forth.

What is AuroraShack?

While investigating new submissions to VirusTotal, our researchers found the AuroraShack application. After analyzing it, we determined that this app operates as adware (i.e., runs intrusive ad campaigns) and belongs to the AdLoad malware family.

What is fake mobile banking rewards malware?

A new version of Android malware has emerged recently, targeting customers of Indian banks. Cybercriminals behind this campaign are using fake banking rewards applications to trick users into installing information-stealing malware with remote access trojan (RAT) capabilities. Their goal is to steal sensitive information.

What kind of page is mscmart[.]com?

While investigating untrustworthy sites, our researchers found the mscmart[.]com rogue page. It pushes spam browser notifications and redirects visitors to other (likely questionable/malicious) websites. Users typically enter mscmart[.]com and similar pages through redirects caused by websites using rogue advertising networks.

What kind of page is pushyoumail[.]com?

Pushyoumail[.]com is a rogue website that promotes browser notification spam and causes redirects to different (likely untrustworthy/malicious) sites. Our research team discovered this page during a routine investigation of suspicious websites. Users typically enter webpages of this kind via redirects caused by sites using rogue advertising networks.

What kind of page is service-2022[.]site?

While inspecting dubious webpages, our researchers discovered the service-2022[.]site rogue site. It operates by promoting scams, pushing browser notification spam, and redirecting visitors to other (likely untrustworthy/malicious) websites.

Most users access pages like service-2022[.]site via redirects caused by sites using rogue advertising networks, mistyped URLs, spam notifications, intrusive ads, or installed adware.

What kind of page is fonto[.]club?

Fonto[.]club is a rogue page that our researchers discovered while inspecting suspicious websites. It is designed to promote deceptive material, push browser notification spam, and redirect visitors to other (likely untrustworthy/harmful) webpages.

Most users enter fonto[.]club and similar websites through redirects caused by pages that use rogue advertising networks.