Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is VileRAT?

VileRAT is the name of a Remote Access Trojan (RAT) - malware that gives the attacker administrative control over a target computer. It is known that cybercriminals behind VileRAT are targeting foreign and cryptocurrency exchanges. This RAT is capable of executing remote commands, keylogging, and other things.

What is VIPSpace?

Malware developers often use legitimate services to diminish the detectability of their creations, and VIPSpace is an example of this. The VIPSpace malware abuses the Discord messaging platform to proliferate its payloads.

This malicious program serves as a backdoor for other malicious software to infiltrate compromised devices. However, research done by Minerva Labs indicates that VIPSpace is flawed. It introduces a large number of malicious programs into systems and, in the end result, likely crashes them.

This is unlikely to be the cyber criminals' goal, as VIPSpace injects malware that is not destructive but rather intended to steal information, control devices, or perform similar activities.

What kind of page is advertisingvt[.]com?

While analyzing the advertisingvt[.]com website, we learned that it uses deception to trick visitors into allowing it to show notifications and redirects them to other untrustworthy pages. We discovered this site while inspecting pages that use rogue advertising networks. Typically, users end up on such pages inadvertently.

What kind of application is Eye Protection?

After downloading Eye Protection from a shady website and adding it to a browser, we found that it is an extension designed to show unwanted advertisements. Software that generates ads is classified as adware. In addition to showing ads, Eye Protection can read and change all user's data on all websites.

What kind of page is broworker1s[.]com?

Broworker1s[.]com is a rogue webpage that we discovered during a routine inspection of dubious sites. This page operates by promoting spam browser notifications and redirecting visitors to different (likely untrustworthy/malicious) websites. Most users enter pages of this kind via redirects caused by sites using rogue advertising networks.

What kind of page is aspectsofc[.]hair?

During a routine investigation of untrustworthy websites, our research team discovered the aspectsofc[.]hair rogue page. It is designed to load deceptive material, promote browser notification spam, and cause redirects to other (likely dubious/malicious) sites.

Users typically access aspectsofc[.]hair and websites akin to it through redirects caused by pages using rogue advertising networks.

What is 18plusvideos[.]me?

After examining the 18plusvideos[.]me page, we found that its purpose is to get permission to show notifications. It uses a clickbait technique to trick visitors into granting that permission. Additionally, 18plusvideos[.]me can redirect visitors to a similar web page. Typically, visitors open such pages unintentionally.

What kind of page is basitrackone[.]space?

Basitrackone[.]space is a website that shows a deceptive message to trick visitors into allowing it to show notifications and redirects them to other websites. Our team discovered this site while inspecting pages that use rogue advertising networks. Like all the other pages of this type, basitrackone[.]space is not being visited intentionally.

What kind of page is buyfunllc[.]com?

The Internet is rife with deceptive and malicious content. While inspecting untrustworthy websites, our research team found the buyfunllc[.]com rogue page. It promotes browser notification spam and redirects visitors to different (likely dubious/harmful) sites.

Most users enter webpages like buyfunllc[.]com via redirects caused by sites using rogue advertising networks.

What is Colambia ransomware?

While looking through new submissions to VirusTotal, our researchers discovered the Colambia ransomware-type program. This piece of malicious software belongs to the ZEPPELIN ransomware family.

Once we executed a sample of Colambia on our test machine, it began encrypting files and appended their filenames with an extension that follows the ".colambia.[victim's_ID]" pattern. For example, a file originally named "1.jpg" appeared as "1.jpg.colambia.D74-C53-02C" following encryption.

After this process was completed, a ransom-demanding message titled - "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT" - was dropped onto the desktop.