Virus and Spyware Removal Guides, uninstall instructions

What kind of page is captchatest[.]top?

Captchatest[.]top is a rogue webpage that we found while inspecting untrustworthy sites. This page is designed to push browser notification spam and redirect visitors to other (likely unreliable/malicious) websites. Users typically enter such webpages through redirects caused by sites using rogue advertising networks.

What is "Twitter Crypto Giveaway"?

After inspecting the "Twitter Crypto Giveaway" we determined that it is a scam. Similar to countless fake cryptocurrency giveaways, this scam promises to double the amount of Bitcoin (BTC) or Ethereum (ETH) that users transfer to it.

The scheme is presented as a giveaway created by Elon Musk - a business magnate and investor and the Twitter social networking platform. The scammers likely incorporated the two together due to the proposed acquisition of Twitter by Elon Musk in 2022. It must be emphasized that neither Elon Musk nor Twitter, Inc. are associated with this scam.

What is Eegf ransomware?

Our research team discovered the Eegf ransomware while inspecting new submissions to VirusTotal. We determined that this program belongs to the Djvu ransomware family.

After we launched this ransomware on our test machine, it encrypted files and appended their filename with the ".eegf" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.eegf", "2.png" as "2.png.eegf", and so on. Once this process was completed, a ransom-demanding message - "_readme.txt" - was created.

What is Bnrs ransomware?

Bnrs is a ransomware-type program that our researchers discovered while inspecting new submissions to VirusTotal. We determined that Bnrs is part of the Djvu ransomware family.

When we executed a sample of this ransomware on our test machine, it encrypted files and appended their filenames with a ".bnrs" extension. For example, a file initially titled "1.jpg.bnrs" appeared as "1.jpg.bnrs", "2.png" as "2.png.bnrs", etc. Afterwards, a ransom note - "_readme.txt" was created.

What is Fit Video Display?

Fit Video Display is a rogue browser extension that our researchers discovered while inspecting deceptive download webpages. This piece of software promises various video display related features. However, our analysis revealed that Fit Video Display operates as adware.

What kind of malware is Rrcc?

Rrcc is the name of ransomware that our team has discovered while checking the VirusTotal page for recently submitted malware samples. We found that Rrcc encrypts files and appends the ".rrcc" extension to filenames. It also creates a ransom note (the "_readme.txt" file containing payment and contact information). We also learned that Rrcc is part of the Djvu family.

An example of how Rrcc renames files: it changes "1.jpg" to "1.jpg.rrcc", "2.png" to "2.png.rrcc", and so forth.

What is SwiftSearch?

While inspecting deceptive promotional sites, our researchers found the SwiftSearch browser extension. After analyzing SwiftSearch, we determined that it operates as a browser hijacker. The extension changes browser settings to promote the swiftsearch.com fake search engine. Additionally, SwiftSearch spies on users' browsing activity.

What is DockModule?

DockModule is a rogue app that our research team found while checking out new submissions to VirusTotal. After analyzing DockModule, we determined it operates as advertising-supported software (adware) and belongs to the AdLoad malware family.

What is "Dynaseiki Industrial Supplies" email virus?

Our team has examined this email and found that it is disguised as a letter from a company named Dynaseiki Industrial Supplies Sdn. Bhd., and contains a malicious website link. It delivers malware (clicking the link in this email downloads a malicious file). Thus, this email must be ignored.

What kind of scam is "Your MacBook Is Infected With 5 Viruses!"?

It is a scam used to trick visitors into believing that their computers are infected and purchasing antivirus software to remove "detected" viruses. It is disguised as a security warning from the McAfee site. We have discovered this scam while examining websites that use rogue advertising networks (illegal movie streaming pages, torrent sites, and similar pages).