Virus and Spyware Removal Guides, uninstall instructions

What kind of application is ManagerTemplate?

While inspecting various shady/deceptive websites, we discovered an application called ManagerTemplate. After installing and examining ManagerTemplate, we learned that it generates intrusive advertisements. Thus, we classified ManagerTemplate as adware.

What is FartingGiraffeAttacks ransomware?

Our researchers discovered the FartingGiraffeAttacks ransomware while inspecting new submissions to VirusTotal. We also found that this malicious program is part of the MedusaLocker ransomware family.

When we launched a sample of this ransomware on our testing system, it encrypted files and appended their filenames with a ".FartingGiraffeAttacks" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.FartingGiraffeAttacks", "2.png" as "2.png.FartingGiraffeAttacks", etc.

Once this process was completed, FartingGiraffeAttacks dropped its ransom note on the desktop; this file was named "HOW_TO_RECOVER_DATA.html". Based on the message in this file, we can surmise that FartingGiraffeAttacks targets companies rather than home users.

What kind of page is ovenelapodioria[.]com?

While inspecting unreliable websites, our researchers found the ovenelapodioria[.]com rogue page. It is designed to push browser notification spam and redirect visitors to other (likely dubious/malicious) sites. Most users typically access such webpages through redirects caused by sites using rogue advertising networks.

What kind of application is Finding Solutions?

Finding Solutions is described as an application allowing to look up issues with sites that are down. Our team has discovered Finding Solutions on a questionable page, offering to add this app before continuing to the page. After examining this app, we found that it functions as adware. It shows unwanted advertisements.

What is Getmut Cleaner?

While inspecting websites offering "cracked" software for download, our research team discovered the Getmut Cleaner PUA (Potentially Unwanted Application). The app's "official" promotional webpage endorses it as a tool capable of cleaning, protecting, and improving the performance of operating systems.

Getmut Cleaner is classified as a PUA due to the dubious methods used to distribute it. Additionally, most unwanted apps offer fake functionalities to lure users into purchase.

Multiple security tools on VirusTotal classify this application as a threat to systems; some even detect it as "spyware". Therefore, it is likely that Getmut Cleaner has harmful abilities that include data tracking.

What is "Whats App - Missed Voice Message" email scam?

After examining this email, we found that it is sent by scammers who aim to trick recipients into opening various scam websites. It is disguised as a letter from WhatsApp regarding a missed voice message. This and similar emails must be ignored.

What is activesearchbar.me?

While inspecting browser hijackers, our research team discovered the activesearchbar.me fake search engine. Typically, illegitimate searching tools like activesearchbar.me are promoted by browser-hijacking software, which modifies browser settings to cause redirects to these websites.

Additionally, fake search engines usually collect (and sell) information about their visitors, which makes them a threat to user privacy.

What kind of malware is Lomiat?

Our malware researchers have discovered a new ransomware called Lomiat while inspecting samples submitted to the VirusTotal web page. We found that Lomiat belongs to the Xorist ransomware family. The purpose of Lomiat is to encrypt files. Also, it appends the ".LoMiAt" extension to filenames and creates a ransom note (the "HOW TO DECRYPT FILES.txt" file).

An example of how Lomiat modifies filenames: it renames "1.jpg" to "1.jpg.LoMiAt", "2.png" to "2.png.LoMiAt", "3.exe" to "3.exe.LoMiAt", and so forth.

What is PrimeAurora?

Our researchers discovered the PrimeAurora application during a routine inspection of new submissions to VirusTotal. After inspecting this piece of software, we determined that it is adware belonging to the AdLoad malware family.

What kind of application is PropCreative?

While inspecting deceptive websites offering to download "useful" applications, we found an application called PropCreative. During the analysis, we found that PropCreative is adware - it displays intrusive advertisements. Additionally, PropCreative can read sensitive information.