Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is GootLoader?

We have discovered GootLoader malware while examining legitimate but compromised websites (mainly websites managed using WordPress). It was found that GootLoader is used to infect computers with additional malware. Cybercriminals using GootLoader seek to trick users into unknowingly downloading and executing the malware by disguising it as a document or other file.

What kind of malware is Xioxian?

We have discovered the Xioxian while analyzing malware samples submitted to the VirusTotal page. It was found that Xioxian is ransomware. It encrypts files, appends the ".xioxian" extension to filenames, and generates a ransom note (the "#Congratulations#.txt" file).

An example of how Xioxian modifies filenames: it renames "1.jpg" to "1.jpg.xioxian", "2.png" to "2.png.xioxian", and so forth.

What is Ynzwj ransomware?

During a routine inspection of new malware submissions to VirusTotal, our research team found the Ynzwj ransomware. This program operates by encrypting data (rendering it inaccessible) and demanding payment for the decryption (access recovery).

On our test machine, this ransomware appended the filenames of encrypted files with a ransom character string and the ".ynzwj" extension. To elaborate, a file originally titled "1.jpg" appeared as "1.jpg.XvaMZZQ_pjSeWxoryTr9GQtAcsDJsdhkcHZMf9gYIGj_PgAAAD4AAAA0.ynzwj", and so forth.

Once the encryption was completed, a ransom-demanding message - "D3ff_HOW_TO_DECRYPT.txt" - was dropped onto the desktop. The text in this note suggests that Ynzwj likely targets companies rather than home users.

What is StreamUltraSearch?

After analyzing StreamUltraSearch, we determined that it operates as a browser hijacker. This piece of software modifies browser settings to promote the streamultrasearch.com fake search engine.

What is TechPartition?

TechPartition is a rogue app our research team found while checking out new submissions to VirusTotal. When we installed this piece of software onto our test machine, we learned that it operates as adware. Additionally, we determined that TechPartition belongs to the AdLoad malware family.

What kind of page is notificationstech[.]com?

Notificationstech[.]com is an untrustworthy website designed to trick visitors into allowing it to show notifications. Our team has discovered it while inspecting other sites that use rogue advertising networks (various illegal streaming, torrent sites, and so on). Another problem with notificationstech[.]com is that it can open other similar pages.

What is Dodohacked ransomware?

Dodohacked is the name of a ransomware-type program our research team discovered during a routine inspection of new submissions to VirusTotal. This type of malware is designed to encrypt data and demand ransoms for the decryption.

When we launched Dodohacked's sample on our test system, it encrypted files and appended their filenames with the ".dodohacked" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.dodohacked", "2.jpg" as "2.jpg.dodohacked", "3.jpg" as "3.jpg.dodohacked", etc.

Once this process was completed, an identical ransom-demanding message was created in a text file named "READITT.txt" and on the new desktop wallpaper.

What kind of application is Tail Box?

Our team has discovered the Tail Box application after downloading an app from a shady website. We have examined the app and found that it hijacks a web browser to promote the tailsearch.com address, a fake search engine. Browser hijackers and fake search engines cannot be trusted.

What is pick dark?

Our researchers discovered the pick dark browser extension during a routine inspection of deceptive download pages. This piece of software promises to enable dark mode for simple design websites. However, we determined that pick dark operates as a browser hijacker and promotes the getsins.com fake search engine.

What kind of malware is T1000?

T1000 is ransomware that our team has discovered during the analysis of malware samples submitted to VirusTotal. The purpose of ransomware is to encrypt files and demand a ransom. We found that T1000 renames encrypted files by appending the ".T1000" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.T1000", "2.jpg" to "2.jpg.T1000". It also creates the "HOW_TO_DECRYPT.TXT" file containing a ransom note.