Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Vatq?

During our analysis of malware samples submitted to VirusTotal, our team discovered Vatq ransomware, which is a member of the Djvu ransomware family. Once a computer is infected, Vatq encrypts files and modifies their filenames by appending the ".vatq" extension. For example, it renames "1.jpg" to "1.jpg.vatq", "2.png" to "2.png.vatq", and so on.

Additionally, Vatq generates a ransom note in the form of a text file called "_readme.txt". It is highly likely that threat actors distribute Vatq alongside information stealers like Vidar and RedLine.

What kind of page is knuckledzone[.]com?

Our team came across knuckledzone[.]com during our investigation of web pages utilizing dubious advertising networks, and we have identified it as an untrustworthy website employing a clickbait strategy to trick visitors into subscribing to its notifications. It is important to mention that the majority of users come across such pages unintentionally.

What kind of software is Mountains Tab?

Our research team discovered the Mountains Tab browser extension while inspecting suspicious sites. This rogue extension modified browser settings on our test machine and caused redirects to the mountainstab.com fake search engine. This behavior falls within the domain of browser hijackers.

What kind of malware is FAST?

While investigating new submissions to the VirusTotal website, our research team found the FAST ransomware. Malicious programs within this classification are designed to encrypt data and demand ransoms for its decryption.

On our test machine, FAST encrypted files and altered their filenames. Original titles were appended with the cyber criminals' email address, a unique ID assigned to the victim, and the ".FAST" extension. For example, a file named "1.jpg" appeared as "1.jpg.EMAIL=[fastdec@tutanota.com]ID=[A883F7AA2ED1B445].FAST" following encryption.

Once this process was concluded, a ransom-demanding message titled "#FILEENCRYPTED.txt" was dropped onto the desktop.

What kind of page is sadrettinnow[.]com?

During our investigation of suspicious advertising networks, our team came across sadrettinnow[.]com This website is specifically designed to deceive users into subscribing to its notifications and can redirect visitors to similar pages. It is uncommon for users to visit such pages intentionally.

What kind of application is Fast Cars Tab?

During our investigation of the Fast Cars Tab extension, we discovered that it seizes control of web browsers by making changes to their settings. The primary objective of this browser-hijacking extension is to endorse a deceptive search engine known as fastcarstab.com. Furthermore, there is a possibility that the Fast Cars Tab may gather various user data.

What kind of application is Browser Cleaner Pro?

Browser Cleaner Pro is marketed as a powerful tool designed to effectively clean browsing data and cookies. However, while testing this browser extension, our team noticed that it delivers intrusive advertisements. For this reason, we classified Browser Cleaner Pro as adware (advertising-supported software).

What kind of malware is Vaze?

During our analysis of malware samples on VirusTotal, we came across a member of the Djvu ransomware family dubbed Vaze. This particular ransomware encrypts files and modifies their original filenames by appending the ".vaze" extension. It also leaves a ransom note, a text file named "_readme.txt".

As an example, encrypted files may be renamed from "1.jpg" to "1.jpg.vaze", "2.png" to "2.png.vaze", etc. It is worth mentioning that Vaze ransomware may be distributed alongside other types of malware, such as information stealers like Vidar and RedLine.

What kind of malware is Vapo?

Vapo is ransomware belonging to the Djvu family that encrypts files on the victim's computer and requests a ransom payment in exchange for decryption tools. Our team discovered Vapo during an assessment of newly submitted malware samples on VirusTotal. It is worth noting that Vapo may be distributed in conjunction with other malware, such as RedLine or Vidar stealers.

Additionally, Vapo provides a ransom note (it creates the "_readme.txt" file) and appends the ".vapo" extension to filenames. An example of how Vapo changes filenames: it renames "1.jpg" to "1.jpg.vapo", "2.png" to "2.png.vapo", and so forth.

What kind of software is Play Audio?

While investigating untrustworthy websites, our research team discovered the Play Audio browser extension. It is promoted as a tool that enables users to listen to any audio format on the Web.

After analyzing this piece of software, we determined that it is adware. Play Audio runs intrusive advertisement campaigns and collects sensitive user data.