Virus and Spyware Removal Guides, uninstall instructions

What kind of application is Helperate?

Helperate is the name of an application we discovered while inspecting a shady website offering to install a browser extension. Our team has tested Helperate and learned that it functions as adware. This application displays intrusive advertisements. It is strongly recommended not to have it on a web browser.

What is Yalohol ransomware?

Our research team found the Yalohol ransomware-type program during a routine inspection of new malware submissions to VirusTotal. We also learned that this program is part of the Spora ransomware family.

Once we executed a sample of Yalohol on our test system, it encrypted files and changed their filenames. The file titles were appended with a unique ID assigned to the victims, the attackers' email address, and an extension consisting of four random characters. For example, a file named "1.jpg" appeared as "1.jpg1.jpg[ID=Df6M3F-Mail=yalohol9@gmail.com].0MFD".

After the encryption process was completed, Yalohol ransomware created two messages - "ReadMe_Now!.hta" and "Read_Me!_.txt", the latter contained a detailed ransom note.

What kind of malware is Again?

Our malware researchers have discovered a new ransomware called Again while examining malware samples submitted to the VirusTotal website. It was found that Again is part of the Babuk ransomware family. The purpose of this malware is to encrypt files.

Also, Again renames encrypted files (appends the ".again" extension to filenames) and drops a ransom note (the "How To Restore Your Files.txt" file). An example of how Again renames files: it changes "1.jpg" to "1.jpg.again", "2.png" to "2.png.again", "3.exe" to "3.exe.again", and so forth.

What is StandartSync?

Our researchers discovered the StandartSync rogue application during a routine inspection of new submissions to VirusTotal. Our analysis of this app revealed that it operates as advertising-supported software (adware) belonging to the AdLoad malware family.

What kind of application is Dark Surfing?

Dark Surfing application is described as an app allowing users to switch their browser to dark mode. However, after testing the app, we found that it generates advertisements. Thus, our team has classified Dark Surfing as adware. Typically, users do not add (or install) adware on purpose - they cause it inadvertently.

What kind of malware is Jjyy?

Jjyy is ransomware belonging to the Djvu family. Our team has discovered this ransomware while checking the VirusTotal site for recently submitted malware samples. We found that Jjyy encrypts files and appends ".jjyy" as their new extension. Also, it drops the "_readme.txt" file that contains a ransom note.

An example of how Jjyy modifies filenames: it changes "1.jpg" to "1.jpg.jjyy", "2.png" to "2.png.jjyy", "3.exe" to "3.exe.jjyy", and so forth.

What kind of malware is Jjww?

Jjww is ransomware - malware that encrypts files. Also, it modifies filenames and drops the "_readme.txt" file (a ransom note). We discovered Jjww while examining malware samples submitted to VirusTotal. We also found that Jjww belongs to the Djvu ransomware family.

Jjww renames files by appending the ".jjww" extension. For example, it renames "1.jpg" to "1.jpg.jjww", "2.png" to "2.png.jjww", "3.exe" to "3.exe.jjww", and so forth.

What kind of page is defensivereaction[.]cfd?

After examining the defensivereaction[.]cfd page, we found that it is an untrustworthy page running a scam similar to "McAfee - Your PC is infected with 5 viruses!". Also, this site wants to show notifications. Our team has discovered defensivereaction[.]cfd while visiting and examining pages that use rogue advertising networks.

What kind of application is Video Skipping Over?

Video Skipping Over is promoted as the best extension for blocking ads on YouTube. After examining this app, we found that it shows ads instead of blocking them. Thus, we classified Video Skipping Over as adware. Our team has discovered this adware on a shady website.

What kind of page is pc-tools-2022[.]xyz?

We discovered the pc-tools-2022[.]xyz site while inspecting other pages that use rogue advertising networks. We found that pc-tools-2022[.]xyz is running the "McAfee - Your PC is infected with 5 viruses!" scam. Also, this page asks for permission to show notifications. Pages like pc-tools-2022[.]xyz are rarely visited intentionally.