Virus and Spyware Removal Guides, uninstall instructions

What kind of page is highpotencysoftware[.]com?

Our researchers found the highpotencysoftware[.]com rogue webpage while inspecting unreliable sites. This page promotes scams, pushes spam browser notifications, and redirects visitors to different (likely untrustworthy/malicious) websites.

Most users enter highpotencysoftware[.]com and similar webpages through redirects caused by sites using rogue advertising networks.

What is U2K ransomware?

While inspecting new submissions to VirusTotal, our researchers discovered the U2K ransomware. We determined that this malicious program is identical to MME ransomware.

After we launched a sample of U2K on our test machine, it encrypted files and altered their names. The filenames were appended with the ".U2K" extension, e.g., a file initially titled "1.jpg" appeared as "1.jpg.U2K", "2.png" as "2.png.U2K", etc. Once this process was completed, a ransom-demanding message - "ReadMe.txt" - was created.

What kind of page is rewardusacenter[.]com?

Rewardusacenter[.]com is a deceptive website that wants to show notifications and redirects visitors to a scam website (possibly to more than one). We discovered rewardusacenter[.]com while analyzing certain websites that use rogue advertising networks. It is uncommon for sites like rewardusacenter[.]com to be visited intentionally.

What kind of malware is Youfileslock?

We discovered a new ransomware called Youfileslock while checking the VirusTotal page for the recently submitted samples. Our key findings were that Youfileslock belongs to the MedusaLocker family, encrypts files, appends the ".youfileslock" extension to filenames, and creates the "HOW_TO_RECOVER_DATA.html" file with a ransom note in it.

An example of how Youfileslock modifies filenames: it renames "1.jpg" to "1.jpg.youfileslock", "2.png" to "2.png.youfileslock", "3.exe" to "3.exe.youfileslock", and so forth.

What is HorizonCentric?

HorizonCentric is a rogue app that our researchers discovered while looking through new submissions to VirusTotal. Our analysis of this piece of software revealed that it operates as adware and belongs to the AdLoad malware family.

What is a fake Coinbase Wallet extension?

Fake Coinbase Wallet extension - refers to a rogue browser extension disguised as a Coinbase product. Unwanted software often uses the names, graphics, and other content belonging to legitimate products - in order to trick users into download/installation.

Typically, software that uses deceptive tactics to infiltrate users' devices has harmful functionalities. These functions can vary as the same disguises can be used by a multitude of rogue apps and browser extensions/plug-ins.

Our researchers found the fake Coinbase Wallet extension while inspecting sites offering "cracked" software downloads. After analyzing this browser extension, we learned that it operates as adware.

What kind of website is special-discounts[.]club?

Special-discounts[.]club is designed to display deceptive content to trick visitors into agreeing to receive notifications. Also, it can redirect visitors to other shady pages. Our team discovered special-discounts[.]club while inspecting torrent sites, illegal movie streaming pages, and similar websites.

What kind of application is DynamicSync?

After downloading and installing the DynamicSync application, we found that it is a useless app that functions as adware. It generates intrusive advertisements. We discovered this adware while examining deceptive pages encouraging visitors to update "outdated" software.

What kind of malware is WANNAFRIENDME 2?

WANNAFRIENDME 2 is ransomware that encrypts files, modifies filenames (appends the ".iRazormind" extension), and drops the "README.txt" file containing a ransom note. Our team discovered this ransomware while inspecting malware samples submitted to VirusTotal.

An example of how WANNAFRIENDME 2 renames files: it changes "1.jpg" to "1.jpg.iRazormind", "2.png" to "2.png.iRazormind", and so forth.

What kind of application is FormatSync?

We discovered FormatSync while inspecting shady websites distributing fake Adobe Flash Player installers. After downloading and installing this app, we learned that it displays annoying advertisements. Apps like FormatSync are classified as advertising-supported applications.