Virus and Spyware Removal Guides, uninstall instructions

What is Top Search?

While inspecting untrustworthy download webpages, our research team discovered the Top Search browser extension. Our analysis of this extension revealed that it operates as browser-hijacking software and promotes the search.tops-searchs.com fake search engine.

What kind of malware is LockBit 3.0?

LockBit 3.0 (also known as LockBit Black) is a new variant of the LockBit ransomware. It encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a text file (named "[random_string].README.txt") on the desktop. LockBit 3.0 replaces the name of the file and its extension with random dynamic and static strings.

An example of how LockBit 3.0 renames files: it replaces "1.jpg" with "CDtU3Eq.HLJkNskOq", "2.png" with "PLikeDC.HLJkNskOq", "3.exe" with "qwYkH3L.HLJkNskOq", and so forth.

What kind of malware is Ghsd?

Ghsd is ransomware, a form of malware designed to encrypt files. We discovered it while examining the samples submitted to VirusTotal. Ghsd is part of the Djvu ransomware family. It not only encrypts but also renames files (by appending the ".ghsd" extension to filenames) and drops the "_readme.txt" file containing a ransom note.

An example of how Ghsd renames files: it renames "1.jpg" to "1.jpg.ghsd", "2.png" to "2.png.ghsd", and so forth.

What is Ner ransomware?

While inspecting recent malware submissions to VirusTotal, our researchers discovered a new variant of Sojusz ransomware called Ner.

We analyzed a sample of this ransomware by executing it on our test machine. Ner encrypted files and modified their filenames. Original titles were appended with a unique ID, cyber criminals' email address, and the ".ner" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.[c5e4c3a8c7].[thetan@nerdmail.co].ner", etc.

Once the encryption was done, a ransom note - "!!!HOW_TO_DECRYPT!!!.txt" - was dropped onto the desktop. The text presented therein makes it evident that Ner targets companies instead of home users.

What kind of application is ObsessionScript?

While examining deceptive websites encouraging to download a fake Adobe Flash Player installer, we found an application called ObsessionScript. After testing the app, our team learned that it functions as adware - it feeds users with annoying advertisements.

What kind of application is Easy Search?

While examining questionable pages, our team discovered an application called Easy Search. We found that this app promotes the search.easy-searchs.com address. It does so by hijacking a web browser (by changing its settings). We also found that search.easy-searchs.com is a fake search engine.

What is Dark Mode Online?

While inspecting dubious download webpages, our researchers discovered the Dark Mode Online browser extension. After analyzing Dark Mode Online, we determined that it operates as advertising-supported software (adware).

What is Common Search?

While inspecting questionable download webpages, our research team discovered the Common Search browser extension. Our analysis of this piece of software revealed that it operates as a browser hijacker. Common Search changes browser settings to promote the search.common-search.com fake search engine.

What is VantageReservation?

VantageReservation is a piece of rogue software that our researchers discovered while inspecting new submissions to VirusTotal. Our analysis of this app revealed that it is adware belonging to the AdLoad malware family.

What is Jenny ransomware?

Discovered by the MalwareHunterTeam, Jenny is a piece of malicious software classified as ransomware. Programs within this classification encrypt victims' data and demand payment for the decryption.

When we launched a sample of Jenny on our test system, it encrypted files and appended their filenames with a ".JENNY" extension, e.g., a file titled "1.jpg" appeared as "1.jpg.JENNY", "2.png" as "2.png.JENNY", etc. Afterwards, this ransomware changed the desktop wallpaper and displayed a pop-up window.

However, Jenny does not make any demands, nor do its notes contain any contact information. Therefore, it is unclear whether this is because the program was released for testing purposes or due to the developers' ineptitude.