Virus and Spyware Removal Guides, uninstall instructions

What is notadsreviews[.]com?

Notadsreviews[.]com is a shady website that displays deceptive content to trick visitors into allowing it to show notifications. Moreover, it redirects to other untrustworthy websites. Our team has discovered notadsreviews[.]com while examining pages that use rogue advertising networks.

What kind of application is OnlineDisplay?

We have discovered this app on a deceptive website offering to download a software update. After installing and examining the OnlineDisplay, we found that it operates as adware - it displays annoying advertisements. It is worth mentioning that there are plenty of apps like OnlineDisplay, and most of them are promoted in similar ways.

What kind of application is make dark?

make dark is the name of a typical advertising-supported application. The purpose of such apps is to generate annoying advertisements. Typically, they are promoted and distributed using questionable (often deceptive) methods. Our team has discovered at least two shady websites promoting the make dark adware.

What is Extra-Dark?

Extra-Dark is a browser extension supposedly capable of enabling dark mode for simple design websites. Our research team discovered this piece of software while inspecting dubious download webpages. After analyzing Extra-Dark, we determined that it operates as adware.

What kind of malware is Stopfiles?

Stopfiles is ransomware that belongs to the MedusaLocker ransomware family. It encrypts files and appends the ".stopfiles" extension to filenames. We have discovered it while checking the VirusTotal for recently submitted malware samples. Stopfiles provides a ransom note in the "Recovery_Instructions.html" file that it creates on the desktop.

An example of how Stopfiles ransomware modifies filenames: it renames "1.jpg" to "1.jpg.stopfiles", "2.png" to "2.png.stopfiles", and so forth.

What kind of page is kerbians[.]click?

While inspecting untrustworthy websites, we found the kerbians[.]click rogue page. It operates by loading deceptive material, promoting spam browser notifications, and causing redirects to (likely dubious/malicious) sites. Webpages likes kerbians[.]click are usually accessed inadvertently. Most users enter them via websites that use rogue advertising networks.

What is blockZ ransomware?

blockZ is a piece of malicious software categorized as ransomware. Our research team discovered this program while inspecting new malware submissions to VirusTotal.

After we executed a sample of blockZ on our test system, it encrypted files and appended their filenames with a ".blockZ" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.blockZ", ""2.png" as "2.png.blockZ", etc.

Once this process was completed, a ransom-demanding message - "How To Restore Your Files.txt" - was created on the desktop.

What kind of page is news-fedaka[.]cc?

News-fedaka[.]cc displays deceptive content to get permission to show notifications. Also, it redirects to untrustworthy websites. Our team has discovered news-fedaka[.]cc while examining pages that use rogue advertising networks (e.g., illegal movie streaming, torrent sites).

What kind of malware is NB65?

NB65 is ransomware based on another ransomware called CONTI. This malware encrypts files, appends the ".NB65" extension to filenames, and creates the "R3ADM3.txt" file containing a ransom note. It was discovered by Amigo-A. An example of how NB65 renames encrypted files: it changes "1.jpg" to "1.jpg.NB65", "2.png" to "2.png.NB65", and so forth.

What is InitiatorActivity?

InitiatorActivity is an application our researchers found while inspecting fake software updaters/installers. After analyzing this rogue app, we determined that it operates as advertising-supported software (adware). InitiatorActivity also belongs to the AdLoad malware family.