Virus and Spyware Removal Guides, uninstall instructions

What kind of page is guroshied[.]com?

Guroshied[.]com is a deceptive website designed to trick visitors into agreeing to receive notifications (into clicking the "Allow" button). Additionally, it promotes other websites by redirecting visitors to them. Our team discovered guroshied[.]com while examining other sites that use rogue advertising networks.

What kind of page is video18on[.]com?

Video18on[.]com is a rogue website that our researchers found while inspecting untrustworthy pages. It promotes browser notification spam and redirects visitors to different (likely dubious/malicious) sites. Users typically enter video18on[.]com and websites akin to it - via redirects caused by pages using rogue advertising networks.

What is Zip Like a Pro?

Zip Like a Pro is a rogue browser extension that our researchers discovered while inspecting dubious download pages. This piece of software is presented as a tool designed to extract files and compress them into various formats. Instead, our analysis revealed that Zip Like a Pro operates as adware.

What is findresultsnow.co?

Findresultsnow[.]co is the address (URL) of a fake search engine. Websites of this kind are usually promoted by rogue software classified as browser hijackers. They operate by making modifications to browser settings in order to cause redirects to illegitimate search engines.

Findresultsnow[.]co is capable of providing search results, but they are inaccurate and include various advertisements. It is also noteworthy that these search engines and browser-hijacking software usually collect sensitive data.

What is the Woody RAT?

Woody is the name of a Remote Access Trojan (RAT). Malware within this category allows remote access and control over compromised machines. Woody is a piece of sophisticated malicious software, and it has a variety of functionalities.

The research done by the Malwarebytes Threat Intelligence team indicates that the cyber criminals behind Woody target various Russian entities such as the United Aircraft Corporation (OAK).

What is Webmail Manager email scam?

After examining this email, we found that it is a deceptive email masquerading as a letter from an email service provider. Scammers behind it attempt to trick recipients into opening the provided website link. Their goal is to extract sensitive information via a phishing website.

What is Trust Wallet App malware?

While inspecting untrustworthy cryptocurrency-related websites, we discovered a fake Trust Wallet page hosting Android malware. Cybercriminals use this site to trick unsuspecting visitors into downloading a backdoored version of the Trust Wallet application.

While inspecting this malware, we noticed that only a few security vendors detected it as malicious (at the time of research a list of security vendors that detect it as malicious was short).

What is Payt ransomware?

Payt is a ransomware-type program that our research team discovered while inspecting new submissions to VirusTotal.

When we executed this ransomware on our test system, it encrypted files and appended their filenames with a unique ID, the cyber criminals' email address, and either a ".Payt" or ".payt" extension. For example, a file named "1.jpg" appeared as "1.jpg.[MJ-YK7364058912](wesleypeyt@tutanota.com).Payt".

After the encryption process was finished, the Payt ransomware dropped a ransom-demanding message titled "ReadthisforDecode.txt" onto the desktop.

What kind of application is AnalyzerSystem?

AnalyzerSystem is an untrustworthy application distributed via a fake Adobe Flash Player installer. After installing and analyzing the app, we learned that it is useless and shows unwanted advertisements. Thus, we classified AnalyzerSystem as adware.

What kind of page is musicinmysoul[.]biz?

After examining musicinmysoul[.]biz, we learned that it displays deceptive content to trick visitors into allowing it to show notifications. Another reason not to trust musicinmysoul[.]biz is that it can redirect to other pages of this kind. We discovered musicinmysoul[.]biz while inspecting websites that use rogue advertising networks.