Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Cceo?

Cceo is ransomware. It encrypts files and appends the ".cceo" extension to filenames. Also, it creates the "_readme.txt" file that contains instructions on how to contact the attackers and some other details. Our malware researchers discovered Cceo while checking the VirusTotal page for recently submitted malware samples. We found that Cceo is part of the Djvu family.

An example of how Cceo ransomware modifies filenames: it renames "1.jpg" to "1.jpg.cceo", "2.png" to "2.png.cceo", and so forth.

What kind of page is pushmestar[.]com?

Pushmestar[.]com is one of the deceptive web pages designed to display a fake CAPTCHA to trick visitors into agreeing to receive notifications from the page. Also, pushmestar[.]com redirects to a page with an identical design. We discovered this site while examining other websites that use rogue advertising networks.

What kind of page is first-dating[.]top?

First-dating[.]top is a rogue page designed to trick visitors into allowing it to deliver browser notification spam. Furthermore, it can redirect visitors to other (likely untrustworthy/malicious) websites.

Our research team found the first-dating[.]top webpage while inspecting sites that use rogue advertising networks. It is noteworthy that the redirects caused by aforementioned websites are how most users access first-dating[.]top and similar pages.

What is ClearBrowser?

Our research team discovered ClearBrowser while inspecting dubious software-promoting websites. After installing this piece of software on our test machine, we learned that it is a rogue browser based on the Chromium open-source project.

We also learned that ClearBrowser has adware and browser hijacker functionalities. This browser also has a Toolbar called ClearBar. Additionally, since most download/install ClearBrowser inadvertently, it is also classified as a PUA (Potentially Unwanted Application).

What is the "Login Session Authentication" email scam?

After examining this email, we discovered that this is a fake letter from the email service provider regarding an authentication error. It is written/sent by scammers who aim to trick recipients into providing their login credentials on a phishing page. This and similar emails must be ignored.

What is OpticalTransaction?

OpticalTransaction is a rogue application that we discovered while inspecting new submissions to VirusTotal. We installed this piece of software on our test system and learned that it operates as adware. Furthermore, OpticalTransaction belongs to the AdLoad malware family.

What is the "AMAZON TRIAL" pop-up scam?

It is a scam where scammers pretend to conduct a survey. We found that scammers behind this site attempt to trick visitors into believing they can win iPhone 13 by participating in a survey. There are many similar scams on the Internet. Most of them are used to extract money and (or) personal information.

What is Ccza ransomware?

Our researchers discovered the Ccza ransomware-type program while investigating new malware submissions to VirusTotal. We determined that this piece of malicious software is part of the Djvu ransomware family.

After we executed a sample of Ccza on our test system, it encrypted files and appended their filenames with a ".ccza" extension. For example, a file titled "1.jpg" appeared as "1.jpg.ccza", "2.png" as "2.png.ccza", etc. Once this process was completed, a ransom-demanding message in a text file named "_readme.txt" was created.

What is Daz ransomware?

Daz is the name of a ransomware-type program that our researchers found while looking through new submissions to VirusTotal. We determined that this malicious program belongs to the VoidCrypt ransomware family.

We executed a sample of Daz on our testing machine and this ransomware encrypted files. The titled of the compromised files were appended with a unique ID, the cyber criminals' email address, and a ".Daz" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.(MJ-JP7426891503)(Sc0rpio0@tutanota.com).Daz".

Once the encryption process was completed, a ransom-demanding message - "unlock-info.txt" - was created on the desktop.

What kind of application is UniversalHandler?

After examining UniversalHandler, we learned that it is an untrustworthy application designed to generate intrusive advertisements. Apps of this type are classified as adware (advertising-supported applications). It is uncommon for adware to be downloaded and installed willfully. We discovered UniversalHandler after using a fake installer.