Virus and Spyware Removal Guides, uninstall instructions

What is "Avira - Your System Was Corrupted"?

While investigating suspicious websites, our researchers discovered the "Avira - Your System Was Corrupted" scam. It claims that the visitor's device is infected and urges them to perform a scan. It must be emphasized that this scam is in no way associated with either the Avira anti-virus or Avira Operations GmbH & Co. KG.

What is Dood Colors?

While inspecting suspect software-promoting websites, our research team found the Dood Colors browser extension. This piece of rogue software promises to allow users to change webpage background colors. After analyzing Dood Colors, we determined that it operates as advertising-supported software (adware) instead.

What kind of program is Travel?

Travel is the name of adware - an untrustworthy advertising-supported application that shows annoying advertisements. We discovered it after examining an ISO file downloaded from a shady website. We also found that it runs as "Travel tech Copyright © all rights reserved" in the Task Manager.

What kind of malware is BISAMWARE?

BISAMWARE is ransomware that encrypts files, changes the desktop wallpaper, creates the "SYSTEM=RANSOMWARE=INFECTED.TXT" file (a ransom note) and modifies filenames. It appends the ".BISAMWARE" extension to filenames (e.g., it renames "1.jpg" to "1.jpg.BISAMWARE", "2.png" to "2.png.BISAMWARE").

What is Bruhnet ransomware?

We discovered the Bruhnet ransomware-type program while inspecting new submissions to VirusTotal. This program belongs to the Xorist ransomware family.

After we executed a sample of Bruhnet on our test machine, it encrypted files and appended their names with a ".bruhnet" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.bruhnet", "2.png" as 2.png.bruhnet", and so on for all of the affected files.

Once the encryption process was completed, a ransom-demanding message - "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" - was created on the desktop.

What kind of application is Some-Light?

Some-Light is the name of a browser extension that shows unwanted advertisements. Software of this type is called adware. Typically, users download and install adware unintentionally (without knowing that the application displays ads). Our team discovered Some-Light while examining deceptive web pages.

What is LockLock (MedusaLocker) ransomware?

During a routine investigation of new submissions to VirusTotal, our researchers discovered the LockLock ransomware. It is yet another program from the MedusaLocker ransomware family.

On our test machine, this malware encrypted files and appended their filenames with a ".locklock" extension. Hence, a file originally titled "1.jpg"appeared as "1.jpg.locklock", "2.png" as "2.png.locklock", etc.

Once the encryption process was finished, LockLock (MedusaLocker) ransomware dropped a ransom note named "how_to_back_files.html" onto the desktop. Based on this message, it is evident that this ransomware targets companies rather than home users, and it uses double extortion tactics.

What is kind of scam "USPS pop-up scam"?

It is a scam website, a fake USPS page designed to trick visitors into providing personal information. We discovered this site while inspecting other websites that use rogue advertising networks. USPS is a legitimate mail company providing postal service in the United States. It has nothing to do with this scam page.

What kind of email is "Blocked (Important) Incoming Messages"?

"Blocked (Important) Incoming Messages" is a spam email, which our inspection revealed to be a phishing scam. This letter attempts to deceive recipients into revealing their email account log-in credentials by claiming that a number of messages have failed to reach their inbox.

What kind of malware is OriginLogger?

OriginLogger is the name of a keylogger (keystroke logger) that cybercriminals use to steal sensitive information. It is endorsed as a successor of Agent Tesla. OroginLogger captures keystrokes (records data entered with the keyboard) and includes additional features. Typically, threat actors use keyloggers to steal personally identifiable information, login credentials, and other sensitive data.