Virus and Spyware Removal Guides, uninstall instructions

Korplug Malware

What kind of malware is Korplug?

Korplug (also known as Hodur, PlugX) is malware that exists in multiple variants with differing functionality. Korplug is distributed by a group of cybercriminals known as Mustang Panda. They are known for targeting non-governmental organizations.

   
Dotchaudou.com Ads

What kind of page is dotchaudou[.]com?

Dotchaudou[.]com is a rogue webpage that our research team discovered while inspecting questionable sites. It operates by pushing browser notification spam and redirecting visitors to other (likely untrustworthy or malicious) websites.

Rogue sites are seldom accessed intentionally. Most users enter them via redirects caused by pages that use shady advertising networks.

   
GuideService Adware (Mac)

What is GuideService?

Discovered by our research team while inspecting new submissions to VirusTotal, GuideService is a rogue application. Following our analysis, we determined that this piece of software operates as adware and belongs to the AdLoad malware family.

   
OnlinePlatform Adware (Mac)

What kind of application is OnlinePlatform?

OnlinePlatform is the name of an untrustworthy application that our team has discovered while examining a deceptive website. After downloading and installing this app, we found that it operates as adware - it generates advertisements.

   
89N3PDyZzakoH7W6n8ZrjGDDktjh8iWFG6eKRvi3kvpQ Malware

What is 89N3PDyZzakoH7W6n8ZrjGDDktjh8iWFG6eKRvi3kvpQ?

89N3PDyZzakoH7W6n8ZrjGDDktjh8iWFG6eKRvi3kvpQ is the name of a malicious program. After analyzing it, we determined that this malware operates as a clipboard hijacker.

We discovered this program while inspecting websites offering "cracked" software. It is noteworthy that the installation setup that contained this clipboard hijacker was bundled with other unwanted software (e.g., fake Google Translate). Installers of this kind are often packed with adware, browser hijackers, and various PUAs.

   
8b5lc Ransomware

What is 8b5lc ransomware?

Our researchers found 8b5lc ransomware while inspecting new malware submissions to VirusTotal. We determined that this malicious program belongs to the Hive ransomware family.

On our test machine, this ransomware encrypted files and appended a random character string and the ".8b5lc" extension to their filenames. For example, a file initially titled "1.jpg" appeared as "1.jpg.i2uqp8zn6xp23_0wzGh_GecyjeoUV3XVojkONdTM7vz_pQ4gTa-kGjY0.8b5lc".

Afterwards, a ransom note ("MGzQ_HOW_TO_DECRYPT.txt") was created. The message in this text file and the webpage linked therein suggest that 8b5lc targets companies rather than home users. However, ransomware targeting large entities can be heavily customized depending on the victim; hence, details like ransom size can vary.

   
Chos Ransomware

What kind of malware is Chos?

Chos is the name of a ransomware variant that we have discovered while checking the VirusTotal page for recently submitted malware samples. It encrypts files and appends the ".Chos" extension to filenames (for example, it renames "1.jpg" to "1.jpg.Chos", "2.png" to "2.png.Chos"). Also, Chos changes the desktop wallpaper and creates the "Chos.txt" file (a ransom note).

   
GIMMICK Malware (Mac)

What is GIMMICK malware?

Discovered by the Volexity cyber security firm, GIMMICK is an information-stealing malware. According to Volexity's analysis, this malicious program is used by Storm Cloud - a Chinese espionage group.

GIMMICK is cross-platform malware; the macOS variant is (mostly) written in Objective-C and the Windows version in both the .NET and Delphi programming languages.

   
DefaultFabricOptic Adware (Mac)

What kind of application is DefaultFabricOptic?

We have discovered the DefaultFabricOptic application on a shady website. It was found that the purpose of this app is to generate annoying/unwanted advertisements. Thus, we concluded that DefaultFabricOptic is a typical advertising-supported application distributed using questionable methods.

   
Serpent Backdoor Malware

What kind of malware is Serpent?

Serpent is the name of a backdoor malware that we have discovered while examining a malicious MS Office document used in a malspam campaign. It is known that Serpent can be used to execute commands on the infected device, allowing cybercriminals to download other malware and gain complete access to the device.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
