Virus and Spyware Removal Guides, uninstall instructions

What kind of application is MinimalEnergy?

MinimalEnergy is advertising-supported software (adware) that shows various intrusive advertisements. In most cases, users install software of this type inadvertently. Our team discovered MinimalEnergy while analyzing a fake installer downloaded from an untrustworthy web page.

What is FLSCRYPT ransomware?

Our research team discovered the FLSCRYPT ransomware while inspecting new malware submissions to VirusTotal. This malicious program is part of the Phobos ransomware family.

We executed a sample of FLSCRYPT on our test system, and it encrypted files. The affected files had their filenames appended with a unique ID, the cyber criminals' email address, and a ".FLSCRYPT" extension. For example, a file titled "1.jpg" appeared as "1.jpg.id[9ECFA84E-3373].[decrypt2022@onionmail.org].FLSCRYPT".

After the encryption was competed, this ransomware created two identical ransom notes - "info.hta" (pop-up) and "info.txt" (text file). The message in both makes it clear that FLSCRYPT targets companies rather than home users.

What is Erbium?

Erbium is a piece of malicious software classified as a stealer. Malware within this category is designed to extract vulnerable data from infected devices. Our researchers discovered Erbium while inspecting malware-selling hotspots.

What kind of page is moderncaptcha[.]top?

Moderncaptcha[.]top displays deceptive content/uses a clickbait technique to trick visitors into allowing it to show notifications. Also, it promotes a scam website. Typically, websites like moderncaptcha[.]top are visited unintentionally. We have discovered moderncaptcha[.]top while inspecting pages that use rogue advertising networks.

What kind of page is mp3-now[.]com?

Mp3-now[.]com is an untrustworthy site that our research team found while inspecting dubious pages. This website offers to convert YouTube video links to downloadable MP3 (audio) files.

Not only does this service break copyright laws, but this site also uses rogue advertising networks that are known to push deceptive and malicious material. Additionally, mp3-now[.]com promotes browser notification spam.

What kind of application is Super Colors?

Super Colors is an advertising-supported application. It generates various intrusive advertisements and can read and change all data on all websites. We discovered this application on a shady website offering to add Super Colors before continuing to the page.

What kind of page is ytmp3[.]sh?

After examining ytmp3[.]sh, we learned that this website offers to download videos from YouTube (which is not entirely legal). Also, it asks for permission to show notifications and uses rogue advertising networks (it has untrustworthy ads on it and can redirect to questionable pages).

What is TeachPad?

TeachPad is a rogue app that our researchers discovered while investigating new submissions to VirusTotal. After analyzing this piece of software, we learned that TeachPad operates as adware and belongs to the AdLoad malware family.

What kind of page is ukentaspe[.]xyz?

Ukentaspe[.]xyz is one of the deceptive websites that display fake/deceptive messages to trick visitors into allowing them to show notifications. Also, this site can redirect to other shady websites. We discovered ukentaspe[.]xyz while checking out pages that use rogue advertising networks.

What is BITCOINPAYMENT ransomware?

While inspecting new submissions to VirusTotal, our researchers found yet another malicious program belonging to the Phobos ransomware family. We acquired a sample of this ransomware-type program called BITCOINPAYMENT and executed it on our test machine.

This ransomware encrypted files and appended their filenames with a unique ID, the attackers' email address, and a ".BITCOINPAYMENT" extension. For example, a file named "1.jpg" appeared as "1.jpg.id[9ECFA84E-1095].[cleverhorse@protonmail.com].BITCOINPAYMENT" following encryption.

Once this process was finished, BITCOINPAYMENT dropped two ransom notes titled "info.hta" (pop-up) and "info.txt" (text file) onto the desktop.