Virus and Spyware Removal Guides, uninstall instructions

What is SkyWard?

SkyWard is a rogue app that our researchers discovered while inspecting new submissions to VirusTotal. After analyzing this piece of software, we learned that it operates as adware and belongs to the AdLoad malware family.

What is Non (Phobos) ransomware?

Non is the name of a ransomware-type program that our research team discovered while looking through new submissions to VirusTotal. We determined that this piece of malicious software is part of the Phobos ransomware family.

After executing a sample of Non (Phobos) ransomware on our test system, we learned that it encrypts files and alters their filenames. The titles of affected files were appended with the victim's ID, cyber criminals' email address, and the ".Non" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3268].[noname@mailc.net].Non".

Once the encryption process was competed, ransom notes were created/displayed in a pop-up window ("info.hta") and text file ("info.txt").

What is Ultimate Video Adblocker?

Ultimate Video Adblocker is a rogue browser extension that our research team discovered while inspecting deceptive download webpages.

This piece of software is promoted as an ad-blocking tool capable of eliminating advertisements on YouTube and other popular video-hosting platforms. Instead, our analysis revealed that Ultimate Video Adblocker operates adware (displays ads).

What kind of page is situationalawareness[.]sbs?

We discovered the situationalawareness[.]sbs rogue webpage while inspecting untrustworthy sites. It operates by loading scams, promoting browser notification spam, and redirecting visitors to other (likely unreliable/malicious) websites. Users typically access such pages through sites that use rogue advertising networks.

What is Simple Files Downloader?

Simple Files Downloader is a rogue browser extension promising to operate as a download management tool. Our researchers discovered it while inspecting dubious download webpages. After analyzing this extension, we determined that Simple Files Downloader is advertising-supported software (adware).

What is "Win SAMSUNG GALAXY S22"?

"Win SAMSUNG GALAXY S22" is a scam our researchers found while checking out untrustworthy sites. This phishing scam aims to entice victims into providing personally identifiable information by claiming that by doing so - they have a chance to win a Samsung Galaxy product.

What is "McAfee - Act Now To Keep Your Computer Protected"?

While inspecting rogue websites, our researchers discovered "McAfee - Act Now To Keep Your Computer Protected". Our inspection of this online content revealed that it is a scam intended to trick visitors into downloading/installing and/or purchasing software.

It must be emphasized that this scam is in no way associated with the McAfee anti-virus or McAfee Corp.

What is Sheeva ransomware?

Our research team discovered the Sheeva ransomware during a routine inspection of new malware submissions to VirusTotal.

When we executed a sample of Sheeva on our test machine, it encrypted files and changed their filenames. Affected files were renamed according to this pattern - "id[victim's_ID].[Sheeva@onionmail.org].[original_filename].sheeva", e.g., a file initially titled "1.jpg" appeared as "id[xmrJ9Lve].[Sheeva@onionmail.org].1.jpg.sheeva".

Once the encryption process was completed, this ransomware created a ransom-demanding message named "sheeva.txt" on the desktop.

What kind of page is hexaput0n[.]click?

While inspecting questionable websites, our research team discovered the hexaput0n[.]click page. It operates by running scams, promoting browser notification spam, and redirecting visitors to different (likely untrustworthy/dangerous) sites. Users typically enter these webpages through redirects caused by websites using rogue advertising networks.

What is DimScreen?

DimScreen is a rogue browser extension that our researchers found while inspecting dubious download webpages. It is endorsed as a tool capable of enabling dark mode for simple-design websites. After analyzing this piece of software, we determined that DimScreen operates as adware.