Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Ggyu?

While examining malware samples submitted to VirusTotal, our malware researchers came across Ggyu - ransomware designed to encrypt files. We also found that Ggyu appends the ".ggyu" extension to filenames and drops the "_readme.txt" file (a file containing a ransom note). Our other finding was that this ransomware belongs to the Djvu family.

An example of how Ggyu renames files: it changes "1.jpg" to "1.jpg.ggyu", "2.png" to "2.png.ggyu", "3.exe" to "3.exe.ggyu", and so forth.

What kind of malware is Ggeo?

While inspecting malware samples submitted to the VirusTotal page, we discovered ransomware (belonging to the Djvu family) called Ggeo. It encrypts files and appends its extension to filenames. For example, Ggeo renames "1.jpg" to "1.jpg.ggeo", "2.png" to "2.png.ggeo", etc. Also, it drops the "_readme.txt" file. This file has a ransom note in it.

What kind of page is easydating[.]top?

Our research team found the easydating[.]top rogue webpage during a routine inspection of questionable websites. This page promotes browser notification spam and redirects visitors to different (likely untrustworthy and/or malicious) websites.

Most users enter easydating[.]top and similar webpages via redirects caused by sites that use rogue advertising networks.

What is WirelessZipServer?

While inspecting new submissions to VirusTotal, we discovered the WirelessZipServer rogue app. After analyzing this piece of software, we determined that it operates as adware and is part of the AdLoad malware family.

What kind of page is captcha-test[.]top?

While visiting and inspecting shady websites that use rogue advertising networks, we discovered another untrustworthy page - captcha-test[.]top. This page uses a clickbait technique to trick visitors into agreeing to receive notifications. Also, it redirects visitors to a similar page.

What is EfficiencyInternet?

During a routine inspection of new submissions to VirusTotal, our researchers found the EfficiencyInternet rogue application. We analyzed this app and learned that it operates as adware and is part of the AdLoad malware family.

What is Mondy Search?

While inspecting deceptive software download webpages, our researchers discovered the Mondy Search browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker. Mondy Search changes browser settings and promotes the mondysearch.com fake search engine.

What kind of application is HorizonFlower?

HorizonFlower is the name of an application we discovered after using a fake installer downloaded from an untrustworthy page. We found that HorizonFlower is useless (does not have any features) and displays unwanted (intrusive) advertisements. Thus, we concluded that HorizonFlower is an advertising-supported application (adware).

What kind of malware is MRN?

While checking the VirusTotal page for recently submitted malware samples, our team discovered ransomware called MRN. This ransomware encrypts files and appends the victim's ID, virus_monster@tutanota.com email address, and its extension (".MRN") to filenames. It also drops the "unlock-info.txt" text file (a ransom note).

We also found that MRN ransomware belongs to a ransomware family called VoidCrypt. An example of how MRN renames files: it changes "1.jpg" to "1.jpg.(MJ-JL5701849632)(Virus_monster@tutanota.com).MRN", "2.png" to "2.png.(MJ-JL5701849632)(Virus_monster@tutanota.com).MRN", and so forth.

What is ConditionAnalysts?

ConditionAnalysts is a rogue app that our research team found while inspecting new submissions to VirusTotal. Our analysis of this piece of software revealed that it operates as adware and belongs to the AdLoad malware family.