Virus and Spyware Removal Guides, uninstall instructions

What kind of page is websecurityprograms[.]com?

Websecurityprograms[.]com is a rogue webpage that our research team discovered while inspecting untrustworthy sites. This page operates by hosting scams, promoting browser notification spam, and redirecting visitors to different (likely unreliable/malicious) websites.

Users typically enter pages like websecurityprograms[.]com through sites that use rogue advertising networks.

What is Research Alts?

Research Alts is the name of a rogue browser extension that our researchers found while inspecting dubious download websites. It is endorsed as a tool capable of providing additional search results when a site is down (unavailable) - specifically within the realm of interest for students and researchers. Our analysis of Research Alts revealed that it operates as adware.

What is Trins ransomware?

Trins is the name of a ransomware-type program that our research team discovered while looking through new submissions to VirusTotal.

We executed a sample of this ransomware on our test machine and learned that it encrypts files and appends their filenames with a ".trins" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.trins", "2.png" as "2.png.trins", and so on for all of the affected files.

After the encryption process was finished, a ransom-demanding message - "RECOVERY.txt" - was dropped onto the desktop.

What kind of page is pcdefencerequired[.]com?

Pcdefencerequired[.]com shows deceptive content to trick visitors into believing that their computers are infected. Also, this page asks for permission to show untrustworthy notifications. Our team discovered pcdefencerequired[.]com while examining websites that use questionable advertising networks.

What kind of page is playgamego[.]xyz?

During a routine inspection of rogue webpages, our researchers discovered the playgamego[.]xyz rogue site. It is designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/harmful) websites. Most users access sites like playgamego[.]xyz through redirects caused by pages that use rogue advertising networks.

What kind of website is news-voxodo[.]cc?

News-voxodo[.]cc is a deceptive website that we have discovered while examining other pages that use rogue advertising networks. After inspecting this page, we found that it displays deceptive content to trick visitors into agreeing to receive notifications. Also, it redirects to another shady website.

What kind of malware is Decrypt?

Decrypt is the name of ransomware that our team has discovered while examining malware samples submitted to the VirusTotal page. This ransomware encrypts files (and modifies their filenames), and generates two ransom notes ("info.hta" and "info.txt"). It belongs to a ransomware family called Phobos.

Decrypt appends the victim's ID, johnhelper@gmx.de email address, and ".decrypt" extension to filenames. For example, it renames "1.jpg" to "1.jpg.id[1E857D00-3349].[johnhelper@gmx.de].decrypt", "2.png" "2.png.id[1E857D00-3349].[johnhelper@gmx.de].decrypt", and so forth.

What kind of page is eegeeglou[.]com?

Eegeeglou[.]com is a website that uses a clickbait technique to trick visitors into allowing to show notifications. Also, it redirects to other pages. We discovered eegeeglou[.]com while inspecting various pages that use rogue advertising networks (for example, illegal movie streaming pages, torrent sites).

What is CRYPTER v2.40 ransomware?

CRYPTER v2.40 is a piece of malicious software classified as ransomware. Programs within this classification are designed to encrypt files and demand payment for the decryption.

After we launched a sample of CRYPTER v2.40 on our test machine, it encrypted files and appended their filenames with a ".crypter" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.crypter", "2.png" as "2.png.crypter", and so on.

Once this process was completed, a pop-up window was displayed. The text presented in this pop-up contained the ransom note.

What kind of malware is Zfdv?

Zfdv is the name of a ransomware variant belonging to the Djvu family. Our team discovered it while checking the VirusTotal page for recently submitted malware samples. We found that Zfdv encrypts files and appends ".zfdv" extension to filenames. It also provides a ransom note (creates the "_readme.txt" file).

An example of how Zfdv renames files: it renames "1.jpg" to "1.jpg.zfdv", "2.png" to "2.png.zfdv", and so forth.