Virus and Spyware Removal Guides, uninstall instructions

What is Deed RAT?

Deed is a RAT-type malware. RATs (Remote Access Trojans) are designed to allow for remote access and control over infected devices. These trojans tend to have a broad range of malicious functionalities and are considered to be especially dangerous.

It has to be mentioned that Deed RAT has been around for a long time, but a resurgence in activity has been observed at the time of writing. The recent Deed RAT variants have been improved upon by the latest users, which are believed to be Chinese threat actors dealing in cyber-espionage.

What is givemeanswers.net?

While inspecting the givemeanswers.net search engine, we found that it places advertisements in its search results. It may also generate misleading results (promote shady pages). Typically, search engines like givemeanswers.net are promoted by browser hijackers. Users rarely add browser hijackers to browsers on purpose.

What is the 9002 RAT?

9002 is the name of a Remote Access Trojan (RAT). Malware within this classification enables remote access/control over infected machines.

Current 9002 RAT activity is associated with Chinese threat actors dealing in cyber-espionage. This malicious program has been around for years - however, its newest iterations have been improved and successfully used in geopolitically motivated cybercrime.

What kind of application is Parental Url Blockers?

While examining the Parental Url Blockers browser extension, we learned that it displays intrusive advertisements. Software designed to show ads is called adware. Typically, it is promoted/distributed using deceptive methods. Our team discovered Parental Url Blockers on a deceptive website requesting to add it to a web browser.

What is dailyguides.com?

After testing dailyguides.com, we found that it is an untrustworthy search engine that generates questionable results (including advertisements). Also, dailyguides.com shows deceptive notifications. Typically, search engines like dailyguides.com are promoted by browser hijackers.

What kind of application is Online Document Converters?

After testing the Online Document Converters application (browser extension), we found that it provides no useful features and shows intrusive advertisements. Additionally, it can read and change data on all visited pages. We classified Online Document Converters as adware. Typically, apps/browser extensions of this type are promoted using deceptive methods.

What kind of page is mostongou[.]com?

Our researchers discovered the mostongou[.]com rogue webpage while inspecting questionable sites. This page operates by promoting browser notification spam and redirecting visitors to different (likely untrustworthy/malicious) websites.

Mostongou[.]com and similar sites are typically accessed through redirects caused by pages using rogue advertising networks.

What is Tin Colors?

Our research team discovered the Tin Colors browser extension while inspecting suspicious software-promoting websites. This extension is promoted as a tool capable of changing webpage background colors. However, our analysis revealed that Tin Colors operates as adware instead.

What kind of page is browse-defense[.]com?

Browse-defense[.]com is the address of a rogue page. Our researchers discovered this site during a routine inspection of suspicious webpages. Browse-defense[.]com promotes deceptive content (scams), pushes spam browser notifications, and redirects users to other (likely unreliable/malicious) pages.

Websites like browse-defense[.]com are most often accessed via redirects caused by sites that use rogue advertising networks.

What kind of malware is Exploit6?

Exploit6 is the name of ransomware designed to encrypt files, append the ".exploit6" extension to filenames of all encrypted files, and drop the "READMI.txt" file. Our malware researchers discovered Exploit6 while examining samples submitted to the VirusTotal website.

An example of how Exploit6 modifies filenames: it renames "1.jpg" to "1.jpg.exploit6", "2.png" to "2.png.exploit6", "3.exe" to "3.exe.exploit6", and so forth.