Virus and Spyware Removal Guides, uninstall instructions
What kind of malware is Fdcv?
Fdcv is ransomware that encrypts files and appends the ".fdcv" extension to filenames. It also creates a text file ("_readme.txt") that contains a ransom note. Our malware researchers discovered Fdcv while analyzing samples submitted to the VirusTotal website. They also found that Fdcv belongs to a ransomware family called Djvu.
An example of how files encrypted by Fdcv are renamed: "1.jpg" is renamed to "1.jpg.fdcv", "2.png" to "2.png.fdcv", "3.exe" to "3.exe.fdcv", and so forth.
What kind of page is solidprotectionspc[.]com?
Our research team found the solidprotectionspc[.]com rogue webpage while inspecting unreliable sites. This page operates by promoting deceptive content, pushing browsing notification spam, and redirecting visitors to other (likely untrustworthy/malicious) websites.
Users typically enter these webpages through redirects caused by sites using rogue advertising networks.
What is TURKEY ransomware?
While inspecting new malware submissions to VirusTotal, our researchers found a new malicious program called TURKEY, which is based on Chaos ransomware.
We acquired a sample from VirusTotal and launched it on our test system. We learned that the TURKEY ransomware encrypts files and appends an extension consisting of four random characters to their filenames. For example, a file initially titled "1.jpg" appeared as "1.jpg.di0h", "2.png" as "2.png.tlfh", and so on for all of the compromised files.
Once the encryption process was completed, a ransom note - "read_it.txt" - was created, and the desktop wallpaper was changed.
What is PowerShell RAT?
PowerShell RAT is the name of a Remote Access Trojan (RAT) written in PowerShell. The term PowerShell refers to a Microsoft Windows program designed for task automation and configuration management (i.e., product functionality, performance, and attribute establishment and maintenance).
The trojan in question is based on this program, and it can execute PowerShell commands. In general terms, RATs operate by enabling remote access to and control over affected devices.
It is noteworthy that the PowerShell RAT has been actively leveraged against German users seeking information regarding the War in Ukraine.
What kind of malware is SaintStealer?
During our routine malware research, we discovered an information stealer called SaintStealer. We found that this information-stealing malware targets credentials and system information. All gathered information is sent to a Command and Control server. SaintStealer is written in the C# programming language.
What kind of page is webnotificationservices[.]com?
Webnotificationservices[.]com is a rogue webpage that our research team discovered while inspecting untrustworthy sites. It is designed to push browser notification spam and redirect visitors to other (likely unreliable/malicious) websites. Most users enter such webpages via redirects caused by sites that use rogue advertising networks.
What kind of email is "The list of the problem"?
We have examined this email and found that cybercriminals use it to deliver malware. Their goal is to trick recipients into opening the attachment (a malicious file). We are not certain which malware the threat actors behind this malspam campaign are distributing, but there is reason to believe it is Agent Tesla RAT.
What kind of application is Quick Baro?
We discovered the Quick Baro application after downloading it from a deceptive website. We learned that after the installation, Quick Baro hijacks a web browser by changing its settings. This app promotes barosearch.com - a fake search engine.
What is the ZxxZ trojan?
ZxxZ is the name of a malicious program classified as a trojan. This malware is capable of introducing additional malicious software into systems. Hence, the threats posed by ZxxZ infections may be particularly broad. It is noteworthy that this trojan has been observed being actively spread via email spam campaigns.
What kind of malware is Matamoe?
Matamoe is ransomware that we discovered while checking the VirusTotal page for recently submitted malware samples. It was found that Matamoe encrypts files, appends the ".matamoe" extension to filenames, changes the desktop wallpaper, and creates the "read_THIS.txt" file (a ransom note).
An example of how the Matamoe ransomware renames files: it changes "1.jpg" to "1.jpg.matamoe", "2.png" to "2.png.matamoe", "3.exe" to "3.exe.matamoe", and so forth.