Virus and Spyware Removal Guides, uninstall instructions

What is KOPYTZEMPEREEBET ransomware?

While inspecting new submissions to VirusTotal, our research team discovered the KOPYTZEMPEREEBET ransomware.

We executed a sample of this malware on our test machine, and it encrypted files and appended their filenames with a ".KOPYTZEMPEREEBET" extension. For example, a file named "1.jpg" appeared as "1.jpg.KOPYTZEMPEREEBET", "2.png" as "2.png.KOPYTZEMPEREEBET", and so forth.

Once the encryption process was finished KOPYTZEMPEREEBET dropped a text file titled "#Decrypt_files#.txt" onto the desktop. This file contained the ransom-demanding message, which made it evident that this ransomware targets companies rather than home users.

What is kind of malware is Aurora?

Our research team discovered the Aurora malware while looking through hacker forums. Its developers advertise Aurora as a multifunctional piece of malicious software. The program's promotional material states that it operates as a RAT (Remote Access Trojan), botnet, stealer, clipper, and data-encrypting ransomware.

What kind of malware is Qqjj?

Qqjj is ransomware (belonging to the Djvu ransomware family) designed to encrypt files and change their extension to ".qqjj". It also drops the "_readme.txt" file (a ransom note) on the desktop. Our malware researchers discovered Qqjj while checking the VirusTotal page for recently submitted malware samples.

An example of how Qqjj renames files: it changes "1.jpg" to "1.jpg.qqjj", "2.png" to "2.png.qqjj", and so forth.

What is SurplusStatus?

During a routine inspection of new submissions to VirusTotal, our research team found the SurplusStatus rogue application. Our analysis revealed that SurplusStatus is advertising-supported software (adware). Furthermore, SurplusStatus is part of the AdLoad malware family.

What kind of page is captchaless[.]top?

While analyzing captchaless[.]top, we found that this page is created to trick visitors into agreeing to receive notifications. The purpose of this site is to promote other untrustworthy websites and apps. Our team discovered captchaless[.]top while inspecting sites that use rogue advertising networks.

What is SmartRecord?

SmartRecord is a rogue app that we discovered while looking through new submissions to VirusTotal. After analyzing this piece of software, we determined that it is adware. Additionally, it is noteworthy that SmartRecord is part of the AdLoad malware family.

What is File Download Manager?

File Download Manager - as its name implies - is a rogue browser extension that claims to operate as a download management tool. Our research team discovered this extension while inspecting dubious software-promoting webpages. After analyzing File Download Manager, we determined that it is adware.

What kind of application is DimMode?

After testing the DimMode application, we learned that it provides no useful features and generates annoying advertisements. Additionally, it can read data on all visited websites. Thus, we classified DimMode as adware. It is worth mentioning that this app/browser extension is promoted via deceptive websites.

What kind of malware is Donkeyf*cker?

Donkeyf*cker is ransomware designed to encrypt files, modify filenames, and drop the "#HOW_TO_DECRYPT#.txt" file (a ransom note) on the desktop. We discovered this ransomware while examining malware samples submitted to the VirusTotal web page.

Donkeyf*cker renames files by appending a string of random characters, an ICQ username ("HAPPYHUNGARIANSL*T"), and the ".Donkeyf*cker" extension to filenames. For example, it renames "1.jpg" to "1.jpg.[ecf289b412].[ICQ_HAPPYHUNGARIANSL*T].Donkeyf*cker", "2.png" to "2.png.[ecf289b412].[ICQ_HAPPYHUNGARIANSL*T].Donkeyf*cker", and so forth.

What kind of page is mysmarterdeals[.]shop?

While examining the mysmarterdeals[.]shop page, we found that it is a deceptive website running a survey scam and asking for permission to deliver untrustworthy notifications. Also, it redirects visitors to other shady web pages. We discovered mysmarterdeals[.]shop while inspecting sites that use rogue advertising networks.