Virus and Spyware Removal Guides, uninstall instructions

What kind of browser extension is original dark?

Original dark is a browser extension our research team discovered while inspecting deceptive download pages. This piece of software promises to create a dark mode for websites. After analyzing original dark, we determined that this extension operates as adware.

What kind of malware is Snwd?

Our malware researchers have discovered a new Dharma ransomware variant called Snwd (it was found during the analysis of malware samples submitted to VirusTotal). Snwd encrypts files and appends the victim's ID, snowwind@tutanota.com email address, and the ".snwd" extension to filenames. Its ransom notes are provided in a pop-up window and the "info.txt" file.

An example of how files encrypted by Snwd ransomware are renamed: "1.jpg" is renamed to "1.jpg.id-9ECFA84E.[snowwind@tutanota.com].snwd", "2.png" to "2.png.id-9ECFA84E.[snowwind@tutanota.com].snwd", and so forth.

What is Search-Guard?

After analyzing the Search-Guard browser extension, our researchers determined that it operates as a browser hijacker. This piece of software makes modifications to browser settings in order to promote (by causing redirects to) the search-guard.xyz fake search engine.

What is EmergingZip?

Our researchers discovered EmergingZip while inspecting new submissions to VirusTotal. After analyzing this application, we determined that it is a piece of advertising-supported software. Additionally, this adware belongs to the AdLoad malware family.

What kind of page is clean-your-pc[.]xyz?

Clean-your-pc[.]xyz is a rogue site designed to load deceptive content, promote browser notification spam, and redirect visitors to other (likely dubious/malicious) webpages. Our research team discovered this page while checking out untrustworthy websites.

Users seldom access sites like clean-your-pc[.]xyz intentionally. Most enter them through redirects caused by webpages that use rogue advertising networks, intrusive ads, spam notifications, mistyped URLs, or installed adware.

What kind of website is messagereceiver[.]com?

Messagereceiver[.]com is a deceptive website that uses a clickbait technique to trick visitors into allowing it to show notifications and redirects them to other pages. We have discovered it while examining sites that use rogue advertising networks. It is very uncommon for pages like messagereceiver[.]com to be visited intentionally.

What is DeezNuts Crypter ransomware?

DeezNuts Crypter is a piece of malicious software classified as ransomware. Our research team found it while inspecting new submissions to VirusTotal.

After being launched on our test machine, this ransomware encrypted files and renamed them by inserting ".deeznuts-crypter" between the original filename and extension. For example, a file initially titled "1.jpg" appeared as "1.deeznuts-crypter.jpg", "2.png" as "2.deeznuts-crypter.png", and so on.

Once this process was completed, DeezNuts Crypter displayed a pop-up window and opened a pastebin (text storage) webpage on the browser.

The text presented in these messages makes it clear that this ransomware's goal is not to collect ransoms. We have concluded, that it might have been developed for the cyber criminals' amusement or released for testing purposes. Fortunately, DeezNuts Crypter is decryptable; the decryption key is "123" (sans quotation marks).

What kind of application is LocatorUpdate?

LocatorUpdate is the name of an application that we have discovered while analyzing shady websites. After testing the app, we learned that its purpose is to display intrusive advertisements. LocatorUpdate is a typical advertising-supported application that provides no real value to its users.

What kind of application is visible dark?

Our team has discovered the visible dark application/browser extension on a deceptive page. That page got opened while visiting other websites that use shady advertising networks. After examining the visible dark application, we found that it displays annoying advertisements. Thus, it was concluded that visible dark operates as adware.

What is FeaturePremium?

FeaturePremium is a piece of rogue software that our researchers discovered while inspecting new submissions to VirusTotal. Our analysis uncovered that this app operates as adware and belongs to the AdLoad malware family.