Virus and Spyware Removal Guides, uninstall instructions

NMO Ransomware

What is NMO ransomware?

While looking through new submissions to VirusTotal, our researchers found yet another ransomware-type program - called NMO - that belongs to the Dharma ransomware family.

After executing a sample of NMO on our test machine, it encrypted files and altered their filenames. The original titles were appended with a unique ID, the cyber criminals' email address, and a ".NMO" extension. For example, a file named "1.jpg" appeared as "1.jpg.id-9ECFA84E.[dr.nemo@tutanota.com].NMO".

Once the encryption was finished, the ransomware displayed a pop-up window and dropped a text file titled "info.txt" onto the desktop. Both the pop-up and text file contained ransom notes.

   
LinearRadial Adware (Mac)

What kind of application is LinearRadial?

LinearRadial is an application designed to bombard users with annoying advertisements. Apps of this type are classified as adware. We discovered LinearRadial while inspecting a shady installer downloaded from a deceptive web page.

   
Topsurvey24.top Ads

What kind of page is topsurvey24[.]top?

While visiting (and inspecting) illegal movie streaming, torrent, and similar pages, we discovered topsurvey24[.]top. This page runs a fake survey to promote other deceptive pages and asks permission to show notifications. It is not recommended to visit such pages and allow them to deliver notifications.

   
EntrySample Adware (Mac)

What is EntrySample?

EntrySample is a piece of rogue software that we discovered while checking out new submissions to VirusTotal. After analyzing this application, we determined that it is adware belonging to the AdLoad malware family.

   
Easy Files Downloading Adware

What is Easy Files Downloading?

While inspecting dubious software-promoting sites, our researchers discovered the Easy Files Downloading browser extension. It is presented as a download management tool. After analyzing this extension, we determined that it operates as adware.

   
Healthy Adware

What is Healthy adware?

Healthy is a rogue application, which our analysis revealed to be advertising-supported software (adware). Apps within this classification operate by running intrusive advertisement campaigns, i.e., by displaying ads.

   
H0lyGh0st Ransomware

What is H0lyGh0st ransomware?

H0lyGh0st, also known as HolyGhost, is a ransomware-type program. It is designed to encrypt data and demand ransom for the decryption. Furthermore, H0lyGh0st infections are known to involve double extortion tactics (i.e., additional threats involving data leaks).

This malware has been linked to North Korean cyber criminals targeting small to medium-sized businesses; Microsoft Threat Intelligence Center has been tracking this activity.

After we launched a sample of H0lyGh0st on our testing system, it encrypted files and modified their names. The original filenames were changed to a random character string and were appended with the ".h0lyenc" extension. For example, a file titled "1.jpg" appeared as "U3RhcnQgVG9yIEJyb3dzZXIubG5r.h0lyenc", "2.png" as "SVBWYW5pc2gubG5r.h0lyenc", etc.

Afterwards, an HTML file named "FOR_DECRYPT.html" was dropped onto the desktop. This file contained the ransom-demanding message.

   
Cleancaptcha.top Ads

What kind of page is cleancaptcha[.]top?

Cleancaptcha[.]top is a deceptive website that we discovered while inspecting websites that use rogue advertising networks. It displays deceptive content (a fake CAPTCHA) to trick visitors into agreeing to receive notifications. Additionally, cleancaptcha[.]top redirects to scam websites.

   
Strength Adware

What is Strength adware?

While inspecting scam webpages, our researchers discovered one promoting the Strength rogue application. After analyzing this app, we determined that it operates as advertising-supported software (adware).

   
ApolloRAT Malware

What is ApolloRAT?

ApolloRAT is a piece of malicious software categorized as a RAT (Remote Access Trojan). Malware of this kind enables remote access and control over infected devices.

ApolloRAT is written in Python. Programming languages like Python typically rely on compilers. The developers of this RAT used the Nuitka source-to-source compiler, which is uncommon - but its complexity does make ApolloRAT difficult to reverse engineer.

It is also noteworthy that this malware uses the Discord messaging platform as its C&C server, which adds yet another layer to ApolloRAT's qualities that hinder its detection.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
