Virus and Spyware Removal Guides, uninstall instructions

What kind of page is totaldatadefence[.]com?

During a routine inspection of untrustworthy websites, our researchers discovered the totaldatadefence[.]com page. It hosts deceptive content, promotes browser notification spam, and redirects visitors to other (likely unreliable/dangerous) sites. Most users enter totaldatadefence[.]com and webpages akin to it through sites that use rogue advertising networks.

What kind of site is mysecuresoftware[.]com?

Our team has discovered the mysecuresoftware[.]com page while inspecting illegal movie streaming, torrent, and other sites that use questionable advertising networks. We have examined mysecuresoftware[.]com and found that it runs the "Norton Security - Your Pc Is Infected With 5 Viruses!" scam and asks for permission to show notifications.

What is Hfgd ransomware?

Our research team found the Hfgd ransomware while inspecting new submissions to VirusTotal. We sampled it and determined that this malicious program belongs to the Djvu ransomware family.

After being launched onto our test machine, Hfgd began encrypting files and appended their filenames with a ".hfgd" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.hfgd", "2.png" as "2.png.hfgd", etc. Once this process was completed, a ransom-demanding message "_readme.txt" was created.

What kind of website is news-dovode[.]cc?

We have discovered the news-dovode[.]cc website while examining sites that use shady advertising networks (such as illegal movie streaming, torrent, and similar sites). The purpose of news-dovode[.]cc is to trick visitors into agreeing to receive website notifications and redirect them to similar pages.

What kind of malware is Mmuz?

Mmuz is the name of ransomware that encrypts and renames files (by appending its extension to filenames). It also creates a ransom note (the "_readme.txt" file). We have discovered Mmuz ransomware while examining malware samples submitted to VirusTotal. Additionally, we learned that Mmuz is part of the Djvu ransomware family.

An example of how Mmuz ransomware modifies filenames: it renames "1.jpg" to "1.jpg.mmuz", "2.jpg" to "2.jpg.mmuz", and so forth.

What kind of malware is Rguy?

Our team has discovered Rguy while analyzing samples submitted to VirusTotal. It was found that Rguy is ransomware that encrypts files and appends the ".rguy" extension to filenames. Also, it provides instructions on how to contact the attackers and the prices of decryption tools (they are provided in the "_readme.txt" file, a ransom note).

An example of how the encrypted files get renamed by Rguy during the encryption process: "1.jpg" gets renamed to "1.jpg.xxx", "2.png" to "2.png.rguy", "3.exe" to "3.exe.rguy". Rguy is part of the ransomware family called Djvu.

What kind of page is allowpcprotect[.]com?

Allowpcprotect[.]com is a deceptive website that uses a scare tactic to trick visitors into purchasing antivirus software. It also asks for permission to show notifications. We have discovered this site while inspecting other sites that use shady advertising networks.

What kind of page is protectlab[.]xyz?

Our research team found protectlab[.]xyz while inspecting untrustworthy websites. This rogue page is designed to load deceptive content, push browser notification spam, and redirect visitors to different (likely unreliable/malicious) websites. Most users enter sites like protectlab[.]xyz via webpages using rogue advertising networks.

What is Everyday Quote?

While inspecting dubious download websites, our researchers discovered the Everyday Quote browser extension. It promises to display daily inspirational quotes. After analyzing this piece of software, we determined that it operates as adware.

What kind of page is toftheussi[.]xyz?

Toftheussi[.]xyz is a rogue website designed to push browser notification spam and redirect visitors to other (likely untrustworthy/malicious) pages.

Our researchers discovered it while inspecting sites that use rogue advertising networks. Most users enter webpages like toftheussi[.]xyz via such websites. However, they can also be entered through redirects caused by spam notifications, intrusive ads, mistyped URLs, or installed adware.