Virus and Spyware Removal Guides, uninstall instructions

What kind of page is hugeer[.]club?

While inspecting untrustworthy websites, we discovered the hugeer[.]club rogue page. It promotes scams, pushes browser notification spam, and redirects visitors to other (likely unreliable/malicious) sites. Users typically enter websites like hugeer[.]club via redirects caused by pages using rogue advertising networks.

What kind of website is news-rofahe[.]cc?

News-rofahe[.]cc is one of the websites designed to trick visitors into agreeing to receive notifications. Also, this page can open other websites of this type. Our team discovered news-rofahe[.]cc while inspecting websites that use rogue advertising networks. Typically, sites like news-rofahe[.]cc are visited unintentionally.

What is AssetFrame?

AssetFrame is a rogue app that our researchers discovered while looking through new submissions to VirusTotal. After analyzing this application, we determined that it operates as adware and belongs to the AdLoad malware family.

What kind of malware is Miami44?

While analyzing malware samples submitted to VirusTotal, we discovered a new Chaos ransomware variant called Miami44. This ransomware encrypts files and appends four random characters to their filenames as their new extension. Also, Miami44 creates the "README.txt" file, a ransom note containing contact information.

An example of how Miami44 modifies filenames: it renames "1.jpg" to "1.jpg.qwxo", "2.png" to "2.png.jhcf", and so forth.

What kind of page is news-focedu[.]cc?

News-focedu[.]cc is a deceptive website that we discovered while inspecting various illegal movie streaming pages, torrent sites, and other pages that use rogue advertising networks. After examining news-focedu[.]cc, we found that it displays shady content, asks for permission to show notifications, and redirects to similar pages.

What kind of malware is Bydes?

While inspecting malware samples submitted to the VirusTotal page, our team discovered ransomware called Bydes. After analysis, we found that Bydes encrypts files, copies every encrypted file and appends the ".bydes" extension to its filename, and displays a pop-up window containing a ransom note.

An example of how Bydes ransomware renames copied encrypted files: it renames "1.jpg" to "1.jpg.bydes", "2.png" to "2.png.bydes", "3.xlsx" to "3.xlsx.bydes", and so forth.

What kind of page is advnotlab[.]com?

Our research team discovered the advnotlab[.]com rogue site during a routine inspection of untrustworthy webpages. Advnotlab[.]com operates by promoting browser notification spam and redirecting visitors to different (likely unreliable/malicious) websites.

Users typically enter sites of this kind via redirects caused by others that use rogue advertising networks, mistyped URLs, spam notifications, intrusive ads, or installed adware.

What kind of page is defenderweb[.]xyz?

Defenderweb[.]xyz is a rogue webpage that we found while inspecting questionable sites. It is designed to load deceptive content (scams), promote spam browser notifications, and redirect visitors to different (likely unreliable/malicious) websites.

Most users access pages like defenderweb[.]xyz through redirects caused by webpages that use rogue advertising networks.

What kind of page is mycomputerads[.]com?

Mycomputerads[.]com is a rogue webpage that our researchers discovered while inspecting unreliable sites. It is designed to push spam browser notifications and redirects visitors to other (likely untrustworthy/malicious) websites. Users typically access such pages via redirects caused by sites using rogue advertising networks.

What is lXXwXXXNQ ransomware?

During a routine inspection of new malware submissions to VirusTotal, our researchers discovered the lXXwXXXNQ ransomware.

Once this malicious program was executed on our test machine, it encrypted files and appended their filenames with a ".lXXwXXXNQ" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.lXXwXXXNQ", "2.png" as "2.png.lXXwXXXNQ", etc.

Afterwards, this ransomware created a ransom note - "HELP_DECRYPT_YOUR_FILES.txt" - on the desktop.