Virus and Spyware Removal Guides, uninstall instructions

What kind of page is aigaithojo[.]com?

Aigaithojo[.]com is an untrustworthy page that wants to show notifications. It uses a clickbait technique (a deceptive method) to trick visitors into allowing it to show those notifications. Also, aigaithojo[.]com redirects visitors to other websites. We discovered aigaithojo[.]com while inspecting pages that use rogue advertising networks.

What is Screen Locking malware?

Screen Locking malware refers to screenlocker-type ransomware programs that target Android operating systems. There are numerous variants of this malware, but they differ from previously observed Android screenlockers due to the novel techniques that they use. This is a high-end screenlocker family which boasts multiple variants and a continuously evolving methodology.

The goal of this malware is to push victims into paying a ransom in order to remove the messages that prevent them from using their devices. Unlikely other ransomware types, these screenlockers do not encrypt victims' files.

What kind of malware is Manjusaka?

While examining a malicious document containing Cobalt Strike beacon, we discovered a new malware called Manjusaka. This malware has the capabilities of a Remote Access Trojan (RAT). Cybercriminals can use it for various purposes (from stealing information to managing files). Manjusaka can be planted on Windows and Linux systems.

What kind of malware is Vvyu?

Vvyu is ransomware that encrypts files and modifies filenames (appends the ".vvyu" extension to filenames). We found this ransomware while examining malware samples submitted to the VirusTotal page. In addition to encrypting and renaming files, Vvyu drops the "_readme.txt" file, a ransom note. We also found that Vvyu belongs to the Djvu family.

An example of how Vvyu modifies filenames: it renames "1.jpg" to "1.jpg.vvyu", "2.png" to "2.png.vvyu", "3.exe" to "3.exe.vvyu", and so forth.

What kind of application is Diet?

Diet is the name of adware (advertising-supported software) that shows unwanted applications. Our team discovered it after inspecting an ISO file downloaded from a deceptive website. The purpose of the Diet is to display unwanted (intrusive) advertisements. This untrustworthy software should be removed from computers.

What kind of page is twithdiffer[.]xyz?

Our researcher team found the twithdiffer[.]xyz rogue site while looking through various untrustworthy webpages. This page is designed to promote spam browser notifications and redirect visitors to other (likely unreliable or malicious) sites.

Twithdiffer[.]xyz and similar webpages are usually accessed through redirects caused by websites that employ rogue advertising networks.

What kind of pages are the mo*.biz sites?

Mo*.biz is the address (URL) shared by a group of rogue websites, which include mo01[.]biz, mo02[.]biz, mo03[.]biz, mo04[.]biz, mo05[.]biz, mo06[.]biz, mo07[.]biz, and many others. These sites are designed to load deceptive content, promote browser notification spam, and redirect users to different (likely untrustworthy/malicious) webpages.

Most visitors to sites like mo*.biz enter them via redirects caused by pages using rogue advertising networks.

What is Toa ransomware?

Our research team discovered the Toa ransomware during a routine inspection. This malicious program is based on Chaos ransomware.

After we executed a sample of Toa on our testing system, it encrypted data and demanded payment for the decryption. The filenames of the affected files were appended with an extension of four random characters, e.g., "1.jpg" appeared as "1.jpg.u6ae", "2.png" as "2.png.cine", etc. Once this process was finished, Toa dropped a ransom note - "read_it.txt" onto the desktop.

What kind of website is smartcaptcha[.]top?

While analyzing pages that use rogue advertising networks, we encountered smartcaptcha[.]top - another questionable website. We learned that smartcaptcha[.]top displays a deceptive image and message to trick visitors into agreeing to receive notifications. Also, it redirects visitors to various scam websites.

What kind of application is BridgePro?

BridgePro is the name of an application that we discovered on a deceptive web page claiming that the installed version of Adobe Flash Player is out of date. After downloading and testing BridgePro, we found that it is an useless application that shows annoying advertisements. Therefore, we classified BridgePro as adware.