Virus and Spyware Removal Guides, uninstall instructions

What kind of website is flskon[.]click?

Flskon[.]click is an untrustworthy website that runs a scam similar to "Dear [ISP name] user, Congratulations!" and asks for permission to show notifications. We discovered this site while examining various illegal movie streaming pages and torrent sites (and other pages that use rogue advertising networks).

What kind of application is Dark-View?

Our team has discovered the Dark-View browser extension on a deceptive website claiming that it might be required to install this app (for an unspecified reason). We have examined Dark-View and found that it is an advertising-supported application - it generates unwanted advertisements.

What kind of malware is F5Z8A?

F5Z8A is the name of a ransomware variant that we have discovered while analyzing malware samples submitted to the VirusTotal page. It was found that F5Z8A encrypts files and appends the ".F5Z8A" extension to filenames. It also generates a ransom note (the "@@@ To Restore Your Files.txt" file) containing contact information.

An example of how files encrypted by F5Z8A are renamed: "1.jpg" is renamed to "1.jpg.F5Z8A", "2.png" to "2.png.F5Z8A", and so on.

What kind of page is gooddaywith-captcha[.]top?

Gooddaywith-captcha[.]top is a deceptive website that shows a fake CAPTCHA to trick visitors into allowing it to show notifications. Also, this page redirects to other untrustworthy websites. Our team has discovered gooddaywith-captcha[.]top while inspecting sites that use rogue advertising networks.

What is "New Policy Notice" email scam?

After examining this email, we concluded that it is a phishing email used to trick recipients into providing their email account login credentials. It is disguised as a letter from an email service provider regarding some new policy. It contains a website link designed to open a deceptive page.

What kind of page is desktopnotificationshub[.]com?

We have discovered the desktopnotificationshub[.]com page while examining other sites (illegal movie streaming, torrent, and similar pages) that use shady advertising networks. We found that desktopnotificationshub[.]com uses a clickbait technique to get permission to show notifications. It also redirects visitors to other pages of this type.

What kind of malware is Lightning Stealer?

Lightning Stealer is a piece of malware discovered by 3xp0rt. This stealer targets Steam, Telegram, Discord, and cryptocurrency wallet data, passwords, and cookies. It has its administration panel created to manage data logs. Lightning Stealer is sold for 300 rubles for a week, 500 rubles for a month, or 3000 rubles for six months.

What kind of page is reminderapp[.]store?

We have discovered the reminderapp[.]store site while examining various shady websites that use rogue advertising networks. We found that it runs various scams that use scare tactics to trick visitors into downloading a certain application and displays other questionable content. Thus, reminderapp[.]store website cannot be trusted.

What kind of malware is Udla?

Udla is ransomware that belongs to a ransomware family called Djvu. Our team has discovered the Udla ransomware variant while examining the samples submitted to VirusTotal. After analyzing it, we found that it encrypts files, appends the ".udla" extension to filenames, and creates the "_readme.txt" file as its ransom note.

An example of how Udla modifies filenames: it renames "1.jpg" to "1.jpg.udla", "2.png" to "2.png.udla", and so forth.

What kind of malware is Gtys?

Gtys is ransomware that encrypts files and changes their extension to ".gtys". It is one of the variants belonging to the Djvu ransomware family. Our team has discovered it while checking malware samples submitted to VirusTotal. The ransom note ("_readme.txt" file) contains instructions on how to contact the attackers for data decryption.

An example of how Gtys renames files: it changes "1.jpg" to "1.jpg.gtys", "2.png" to "2.png.gtys", and so forth.