Virus and Spyware Removal Guides, uninstall instructions

What is Ifla ransomware?

During a routine inspection of new submissions to VirusTotal, our researchers found the Ifla ransomware-type program. We determined that this piece of malicious software is part of the Djvu ransomware family.

After being launched onto our test system, this ransomware encrypted files and appended their filenames with a ".ifla" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.ifla", "2.png" as "2.png.ifla", etc. Once the encryption was completed, a ransom note titled "_readme.txt" was created.

What kind of malware is Byya?

Our team discovered Byya while examining the samples submitted to VirusTotal. They found that Byya is ransomware (malware that encrypts files). It appends the ".byya" extension to filenames (for example, renames "1.jpg" to "1.jpg.byya", "2.png" to "2.png.byya"), and generates the "_readme.txt" file that contains a ransom note. Byya is part of the Djvu ransomware family.

What kind of malware is Kruu?

Kruu is ransomware that our malware researchers have discovered while examining samples submitted to the VirusTotal page. We found that Kruu is part of the Djvu ransomware family. It encrypts files and appends the ".Kruu" extension to filenames. Also, it creates the "_readme.txt" file that contains contact and payment information (a ransom note).

An example of how files encrypted by Kruu are renamed: "1.jpg" is renamed to "1.jpg.kruu", "2.png" to "2.png.kruu", and so forth.

What is YouPDFSearch?

After analyzing the YouPDFSearch browser extension, our researchers determined that it is a browser hijacker. Following successful installation onto our test machine, we learned that YouPDFSearch makes changes to browser settings in order to promote the youpdfsearch.com fake search engine.

What kind of page is freenotifications[.]com?

Freenotifications[.]com is a rogue website that our researchers found during a routine inspection of untrustworthy sites. This page is designed to push browser notification spam and redirect visitors to other (likely dubious/malicious) websites. Users typically access such webpages via redirects caused by sites using rogue advertising networks.

What is SearchZubi?

SearchZubi is a browser extension, which we determined to be a browser hijacker. This piece of software modifies browser settings to promote the searchzubi.com fake search engine.

What kind of email is "Donation Grant For You"?

After inspecting the "Donation Grant For You" email, we determined that it is spam. These scam letters attempt to trick recipients into believing that they will receive a massive amount of money as support to individuals and businesses suffering economic setbacks. This mail claims that recipients' emails were selected as winners in a randomized process.

What kind of page is blandcaptcha[.]top?

While inspecting untrustworthy sites, we found the blandcaptcha[.]top webpage. It promotes browser notification spam through the use of fake CAPTCHA verification. Additionally, this page is capable of redirecting visitors to other (likely unreliable/malicious) websites.

Most users enter pages like blandcaptcha[.]top via redirects caused by sites using rogue advertising networks.

What kind of application is SearchMok?

SearchMok is a browser hijacker designed to promote a fake search engine. It hijacks a web browser by changing some of its settings to searchmok.com. Typically, browser-hijacking apps are promoted using questionable pages and other methods. We have discovered SearchMok while inspecting deceptive websites.

What is "PancakeSwap Giveaway"?

"PancakeSwap Giveaway" is a scam we discovered while inspecting deceptive websites. This fake giveaway promises to double the amount of CAKE cryptocurrency that users "contribute" to it. However, users will receive nothing in return and lose everything that they transfer to this scam.