Virus and Spyware Removal Guides, uninstall instructions

What kind of page is pcprotect[.]name?

While looking through dubious webpages, our research team found the pcprotect[.]name rogue site. It promotes scams, pushes browser notification spam, and redirects visitors to other (potentially unreliable/harmful) pages.

Users typically enter sites like pcprotect[.]name through redirects caused by webpages that use rogue advertising networks.

What kind of application is Video Player?

While inspecting a shady page, our team discovered a browser extension called Video Player. After testing the app, we found that it generates advertisements (it is an advertising-supported application). It is not recommended to have any adware added to a browser, especially if it was downloaded from an untrustworthy source.

What is Washedback ransomware?

Washedback is a piece of malicious software categorized as ransomware. Malware within this category encrypts data and demands ransoms for the decryption. Washedback is part of the Sojusz ransomware family.

On our test system, the Washedback program encrypted files and altered their filenames. To elaborate, the filenames were appended with a unique ID assigned to the victim, the cyber criminals' contact name, and a ".Washedback" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.[a3470ab7d0].[RicardoMilos].Washedback".

Once this process was finished, a text file titled "#HOW_TO_DECRYPT#.txt" was dropped onto the desktop. This file contained the ransom-demanding message.

What kind of malware is DARKY LOCK?

While analyzing the recently submitted samples to the VirusTotal site, our team discovered DARKY LOCK, which is ransomware. DARKY LOCK encrypts files, appends the ".darky" extension to filenames, and creates a ransom note (the "Restore-My-Files.txt" file). We also found that this ransomware is part of the Babuk family.

An example of how files encrypted by DARKY LOCK are renamed: "1.jpg" is renamed to "1.jpg.darky", "2.png" is renamed to "2.png.darky", "3.exe" is renamed to "3.exe.darky", and so forth.

What kind of malware is Jjll?

Jjll is ransomware that belongs to the Djvu family. It encrypts files and modifies their filenames (it appends the ".jjll" extension to filenames) and drops the "_readme.txt" file/a ransom note. An example of how Jjll modifies filenames: it renames "1.jpg" to "1.jpg.jjll", "2.png" to "2.png.jjll", "3.exe" to "3.exe.jjll", and so forth.

What is "Make It Dark"?

Make It Dark is a rogue browser extension that we discovered while inspecting questionable download webpages. This piece of software is promoted as a tool capable of enabling dark mode for browsers. However, our analysis revealed that Make It Dark operates as adware instead.

What kind of page is findallmoneysurvey[.]top?

Findallmoneysurvey[.]top is a rogue webpage that we discovered while inspecting dubious sites. It is designed to load deceptive content, promote browser notification spam, and redirect visitors to different (likely untrustworthy/malicious) websites.

Users mostly enter findallmoneysurvey[.]top and pages akin to it - through redirects caused by sites that use rogue advertising networks.

What kind of application is what color?

The what color adware is the name of a browser extension that our team has discovered on a deceptive page instructing to add this extension/application to complete some process. After testing the app, we found that it is adware - it displays annoying/intrusive advertisements. Thus, it is advisable not to have what color app added to a browser.

What kind of page is omouswomani[.]xyz?

After examining the omouswomani[.]xyz page, we concluded that it is a deceptive website designed to trick visitors into agreeing to receive notifications. Our team has discovered omouswomani[.]xyz while inspecting other websites that use rogue advertising networks. It is very uncommon for pages like omouswomani[.]xyz to be opened/visited intentionally.

What is Avoiding Ads?

While inspecting dubious download webpages, our researchers discovered one promoting the Avoiding Ads browser extension. It is endorsed as an ad-blocking tool (adblocker) for YouTube. After analyzing this piece of software, we learned that it operates as adware (i.e., delivers advertisements).