Virus and Spyware Removal Guides, uninstall instructions

What kind of page is goograriva[.]com?

Our researchers discovered the goograriva[.]com rogue page during a routine inspection of dubious websites. This site operates by pushing browser notification spam and redirecting visitors to different (likely untrustworthy/hazardous) webpages.

Most users enter websites like goograriva[.]com via redirects caused by pages using rogue advertising networks.

What kind of page is ourcoolblog[.]com?

While inspecting untrustworthy websites, we discovered the ourcoolblog[.]com rogue page. It is designed to promote spam browser notifications and redirect visitors to other (likely unreliable/malicious) sites. Users typically enter websites like ourcoolblog[.]com via redirects caused by webpages using rogue advertising networks.

What is StealBit?

StealBit is the name of a malicious program designed to exfiltrate (download) sensitive content from infected machines. This malware has been used in campaigns concluding with LockBit ransomware infections.

StealBit is employed in the double-extortion tactics used by LockBit. This program's task is to obtain vulnerable data prior to the ransomware encrypting victims' files. Therefore, in addition to paying a ransom being the only way of decrypting the affected files - it also becomes the solution to preventing the publication of the stolen content.

What kind of application is Cinemate?

Cinemate is described as an app that helps users find movies playing in theaters. We have discovered this app while examining deceptive websites. After downloading and adding Cinemate to a web browser, we learned that it generates advertisements (it functions as adware). It is highly advisable not to install advertising-supported applications.

What kind of malware is Eijy?

Eijy is ransomware that is part of the Djvu ransomware family. It encrypts files and appends the ".eijy" extension to filenames. Also, it creates the "_readme.txt" file containing a ransom note. An example of how Eijy renames files: it renames "1.jpg" to "1.jpg.eijy", "2.png" to "2.png.eijy", "3.exe" to "3.exe.eijy", and so forth.

What kind of malware is Efvc?

While examining the samples submitted to VirusTotal, our malware researchers have discovered a new ransomware belonging to the Djvu ransomware family called Efvc. It encrypts files, appends its extension to filenames (".efvc"), and creates the "_readme.txt" file containing a ransom note.

An example of how Efvc renames files: it renames "1.jpg" to "1.jpg.efvc", "2.png" to "2.png.efvc", "3.exe" to "3.exe.efvc", and so forth.

What kind of malware is Hkgt?

Hkgt is ransomware that encrypts files, appends the ".hkgt" extension to filenames, and creates a text file ("_readme.txt") containing contact and payment information. Files encrypted by Hkgt cannot be opened. Threat actors behind Hkgt demand payment in return for a decryption tool.

Our team discovered Hkgt while examining malware samples submitted to the VirusTotal page. This ransomware belongs to the Djvu family. An example of how it renames files: it renames "1.jpg" to "1.jpg.hkgt", "2.png" to "2.png.hkgt", "3.exe" to "3.exe.hkgt", and so forth.

What kind of page is securedevicesolutions[.]com?

Securedevicesolutions[.]com is a rogue webpage that our researchers discovered while inspecting untrustworthy sites. It is designed to promote deceptive material, push browser notification spam, and cause redirects to other (likely questionable/malicious) pages.

Most users enter websites like securedevicesolutions[.]com via redirects caused by webpages using rogue advertising networks.

What is Grt ransomware?

Our researchers discovered the Grt ransomware during a routine inspection of new submissions to VirusTotal. We determined that this malicious program belongs to the Phobos ransomware family.

Once launched on our test system, this program encrypted files and renamed them. The filenames of affected files were appended with a unique ID, the cyber criminals' email address, and the ".grt" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.id[9ECFA84E-3268].[ghost@mm.st].grt".

After the encryption process was completed, ransom notes were created/displayed in a pop-up window ("info.hta") and text file ("info.txt").

What is the "Loyalty Program" scam?

While inspecting rogue webpages, our research team discovered the "Loyalty Program" scam. It makes false claims about users having a chance of winning a prize by completing a survey. It must be emphasized that the promised gift is fake, and any legitimate entities mentioned in this scam are in no way associated with it. Schemes of this kind typically operate as phishing scams or attempt to trick victims into paying fake fees.