Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is DeadLocker?

DeadLocker is the name of ransomware discovered by MalwareHunterTeam. It was found that DeadLocker encrypts files, appends the ".deadlocked" extension to filenames, changes the desktop wallpaper, and displays a pop-up (a ransom note).

An example of how DeadLocker renames files: it changes "1.jpg" to "1.jpg.deadlocked", "2.png" to "2.png.deadlocked", and so forth.

What is YTStealer?

YTStealer is a piece of malicious software classified as a stealer. Malware within this category aims to steal a wide variety of sensitive data. However, YTStealer targets very specific information - one relating to victims' YouTube accounts. Thus the goal of the attackers behind this program is to gain access and control over YouTube accounts.

What is Harditem ransomware?

Harditem is a malicious program based on the Prometheus ransomware. We obtained a sample of this ransomware from VirusTotal.

After Harditem was launched on our test machine, it encrypted files and appended their filenames with the ".harditem" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.harditem", "2.png" as "2.png.harditem", etc. Once this process was completed, a ransom note named - "RESTORE_FILES_INFO.txt" - was created.

Fortunately, Harditem is decryptable, Avast has released a free decryption tool for this ransomware.

What kind of application is Tail web?

Tail web is the name of an application that our team has discovered while inspecting shady websites. After downloading and adding this app to a browser, we found that it changes some settings. It hijacks a web browser to promote tailsearch.com. While testing this site, we found that it is a fake search engine.

What kind of application is PortalUltra?

PortalUltra is an application that our team has discovered after using a fake installer downloaded from a deceptive website. It was found that PortalUltra is a useless application designed to display annoying advertisements. Thus, we categorized this app as adware.

What kind of malware is Llqq?

Our malware researchers have discovered another ransomware belonging to the Djvu family called Llqq while examining malware samples submitted to the VirusTotal site. Llqq is designed to encrypt files and append its extension (".llqq" to filenames). It also creates a text file ("_readme.txt") containing a ransom note.

An example of how files encrypted by Llqq are renamed: "1.jpg" is renamed to "1.jpg.llqq", "2.png" to "2.png.llqq", "3.exe" to "3.exe.llqq", and so forth.

What kind of page is serviceworker[.]click?

While researching untrustworthy sites, we found the serviceworker[.]click rogue webpage. It promotes scams, pushes browser notification spam, and redirects visitors to different (likely dubious/malicious) websites.

Most users enter such pages through redirects caused by sites using rogue advertising networks, spam notifications, intrusive ads, or installed adware.

What is Code Core ransomware?

While looking through new submissions to VirusTotal, our researchers discovered the Code Core ransomware. Malicious programs within this category are designed to encrypt data and demand ransoms for the decryption.

Once a sample of Code Core was executed on our test machine, it encrypted files and appended their filenames with an extension consisting of four random characters. For example, a file titled "1.jpg" appeared as "1.jpg.3tp9", "2.png" as "2.png.69mg", and so on for all of the affected files.

After the encryption was finished, this ransomware created a text file named "code core.txt", which contained the ransom note. Additionally, Code Core changed the desktop wallpaper.

What kind of email is "Chc Energy"?

After inspecting this "Chc Energy" email, we determined that it is spam designed to proliferate malware (malspam). This letter is presented as a notification regarding a blocked registration with CHC ENERGY.

It must be emphasized that these fake emails are in no way associated with this or any other legitimate company. The goal of this spam mail is to infect recipients' devices with the Grandoreiro banking trojan.

What is Skip Over Ads?

Skip Over Ads is the name of a rogue browser extension that our researchers discovered while inspecting dubious download sites. This piece of software promises to block and/or auto-skip advertisements on YouTube. Instead, as our analysis revealed, Skip Over Ads operates like adware - software that displays ads.