Virus and Spyware Removal Guides, uninstall instructions

What is CladRumble?

While inspecting new submissions to VirusTotal, our researchers discovered the CladRumble application. After analyzing this piece of software, we determined that CladRumble operates as adware and belongs to the AdLoad malware family.

What is "Booking Offer" email virus?

Our inspection of the "Booking Offer" email revealed that it is spam designed to spread malware. This letter claims to contain the specifications for a room booking. When the attached file is opened, it triggers FormBook malware's infection chain.

What is Newware ransomware?

Newware is yet another malicious program belonging to the MedusaLocker ransomware family, which our researchers discovered while inspecting new submissions to VirusTotal.

Once we launched a sample of Newware ransomware on our test machine, it encrypted files and appended their filenames with the ".newware" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.newware", "2.png" as "2.png.newware", etc.

Afterwards, a ransom-demanding message titled "HOW_TO_RECOVER_DATA.html" was dropped onto the desktop.

What is SkyWard?

SkyWard is a rogue app that our researchers discovered while inspecting new submissions to VirusTotal. After analyzing this piece of software, we learned that it operates as adware and belongs to the AdLoad malware family.

What is Non (Phobos) ransomware?

Non is the name of a ransomware-type program that our research team discovered while looking through new submissions to VirusTotal. We determined that this piece of malicious software is part of the Phobos ransomware family.

After executing a sample of Non (Phobos) ransomware on our test system, we learned that it encrypts files and alters their filenames. The titles of affected files were appended with the victim's ID, cyber criminals' email address, and the ".Non" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3268].[noname@mailc.net].Non".

Once the encryption process was competed, ransom notes were created/displayed in a pop-up window ("info.hta") and text file ("info.txt").

What is Ultimate Video Adblocker?

Ultimate Video Adblocker is a rogue browser extension that our research team discovered while inspecting deceptive download webpages.

This piece of software is promoted as an ad-blocking tool capable of eliminating advertisements on YouTube and other popular video-hosting platforms. Instead, our analysis revealed that Ultimate Video Adblocker operates adware (displays ads).

What kind of page is situationalawareness[.]sbs?

We discovered the situationalawareness[.]sbs rogue webpage while inspecting untrustworthy sites. It operates by loading scams, promoting browser notification spam, and redirecting visitors to other (likely unreliable/malicious) websites. Users typically access such pages through sites that use rogue advertising networks.

What is Simple Files Downloader?

Simple Files Downloader is a rogue browser extension promising to operate as a download management tool. Our researchers discovered it while inspecting dubious download webpages. After analyzing this extension, we determined that Simple Files Downloader is advertising-supported software (adware).

What is "Win SAMSUNG GALAXY S22"?

"Win SAMSUNG GALAXY S22" is a scam our researchers found while checking out untrustworthy sites. This phishing scam aims to entice victims into providing personally identifiable information by claiming that by doing so - they have a chance to win a Samsung Galaxy product.

What is "McAfee - Act Now To Keep Your Computer Protected"?

While inspecting rogue websites, our researchers discovered "McAfee - Act Now To Keep Your Computer Protected". Our inspection of this online content revealed that it is a scam intended to trick visitors into downloading/installing and/or purchasing software.

It must be emphasized that this scam is in no way associated with the McAfee anti-virus or McAfee Corp.