Virus and Spyware Removal Guides, uninstall instructions
What kind of extension is "Movie Database"?
Our researchers discovered the Movie Database browser extension while investigating suspicious software-promoting websites. It is promoted as a quick-access tool to TMDB (The Movie Database) - an online database for movies and TV shows. Having analyzed this extension, we determined that Movie Database operates as advertising-supported software (adware) instead.
What kind of software is EyeEase?
After downloading and installing the EyeEase application, we learned that it has the characteristics of adware - it displays intrusive advertisements. Our team discovered EyeEase on a questionable (supposedly official) website. It is worth mentioning that most users download and install adware inadvertently.
What is VIRUS ALERT ransomware?
Our research team discovered the VIRUS ALERT ransomware-type program while inspecting new submissions to VirusTotal. This malicious program is based on the Chaos ransomware.
We found two variants of VIRUS ALERT and tested them. Both versions appended the encrypted files with an extension consisting of four random characters. For example, one variant altered the "1.jpg" filename to "1.jpg.baha", "2.png" to "2.png.9iy", and the other variant renamed "1.jpg" to "1.jpg.paynow", etc.
Both VIRUS ALERT versions created ransom notes titled "read_it.txt". These malicious programs also changed the desktop wallpapers, which differed depending on the ransomware variant.
What kind of software is Markets?
Markets is the name of an advertising-supported program we discovered after examining an ISO file downloaded from a deceptive page. We classified Markets as adware because it displays unwanted advertisements. We also found that this adware runs as "Markets tech Copyright © 2022" in the Task Manager.
What is CRPT ransomware?
During a routine inspection of new submissions to VirusTotal, our researchers discovered a ransomware called CRPT. We determined that this malicious program is part of the VoidCrypt ransomware family.
After we executed a sample of CRPT on our test machine, it encrypted files and altered their titles. Original filenames were appended with a unique ID, the cyber criminals' email address, and a ".CRPT" extension. For example, a file named "1.jpg" appeared as "1.jpg.(CW-OZ3980264517)(exploit1@mailfence.com).CRPT".
Once the encryption process had been completed, CRPT ransomware dropped a ransom-demanding message - "unlock-info.txt" - onto the desktop.
What is the "Windows Defender Advanced Threat Protection" email scam?
While examining this email, we learned that it is sent by scammers who aim to trick recipients into calling a fake support number. Scammers behind it claim that recipients have been charged a specified amount of money for the Windows Defender Advanced Threat Protection subscription. They disguised this email as a letter from Microsoft.
What is Quick Online Recipes?
Quick Online Recipes is a rogue browser extension that our researchers discovered while investigating suspicious software-promoting webpages. This extension is presented as an easy-access tool for food recipes and other cooking-related content. Our analysis of this piece of software revealed that Quick Online Recipes operates as adware.
What kind of software is IntranetLookup?
While testing the IntranetLookup application, we found that it is an advertising-supported application - it shows annoying advertisements. Typically, users install such apps inadvertently. Our team discovered IntranetLookup on a deceptive website claiming that the Adobe Flash Player is out of date.
What is JourneyDrive?
Our researchers found the JourneyDrive application while inspecting new submissions to VirusTotal. After analyzing this app, we learned that it operates as adware and belongs to the AdLoad malware family.
What kind of malware is ZeNyA?
ZeNyA is ransomware belonging to a ransomware family called Xorist. We discovered ZeNyA while checking the VirusTotal page for recently submitted malware samples. ZeNyA encrypts files and appends its extension (".ZeNyA") to filenames. It also shows an error window and creates the "HOW TO DECRYPT FILES.txt" file. Both of them contain the same ransom note.
An example of how ZeNyA renames files: it changes "1.jpg" to "1.jpg.ZeNyA", "2.png" to "2.png.ZeNyA", and so forth.