Virus and Spyware Removal Guides, uninstall instructions

What kind of application is remain dark?

We have discovered the remain dark browser extension while examining deceptive websites. After downloading and testing the app, we learned that it hijacks a web browser by changing certain settings to 87nzaa.com (a fake search engine). It is advertised as an app providing a dark mode for web browsers.

What is TargetCompany ransomware?

TargetCompany is a ransomware-type program that we have analyzed and researched. It is leveraged against companies rather than home users. We have also analyzed the following programs that belong to this ransomware family - Architek, Mallox, Tohnichi, Herrco, and Newexploit.

This ransomware appends the names of encrypted files with extensions that are the affected company's name or relate to it. Observed examples include - ".artiis", ".brg", ".mallox", ".architek", ".tohnichi", ".herrco", ".consultransom", ".avast", and others. After this malware completes the encryption, it creates a ransom note titled "How to decrypt files.txt".

TargetCompany is a decryptable ransomware. Avast has released free decryptors (32bit and 64bit) for it; the decryption instructions can be found in an article on decoded.avast.io website.

What is "Your eMail account will be disconnected" email?

The "Your eMail account will be disconnected" email is a new find by our research team. Having inspected this letter, we determined that it is a phishing email. It targets recipients' email credentials with false claims about their accounts' impending suspension.

What is "Closing Of Email Address Notice !" email scam?

We have examined this email and concluded that scammers behind it attempt to trick recipients into providing their email account login credentials. Scammers disguised the email as a letter regarding email account deactivation/request for account deactivation.

What is UpdaterWebPageEducate?

UpdaterWebPageEducate is an adware-type app that our researchers found when inspecting new submissions to VirusTotal. We have determined that this piece of software belongs to the AdLoad malware family.

What is the "Web Access for the 2022 version" email?

After analyzing the "Web Access for the 2022 version" email, our researchers determined that it is a phishing scam. This letter attempts to trick recipients into providing their email account log-in credentials to a phishing website, thereby allowing the scammers access/control over the account.

What kind of malware is ZOZL?

Our team has discovered the ZOZL ransomware while analyzing the samples submitted to VirusTotal. Our key findings are that ZOZL is part of the Phobos ransomware family and encrypts files, generates two ransom notes ("info.hta" and "info.txt"), and renames files.

An example of how ZOZL renames files (it appends the victim's ID, ops@mailc.net email address and the ".ZOZL" extension to filenames: it changes "1.jpg" to "1.jpg.id[9ECFA84E-3275].[ops@mailc.net].ZOZL", "2.jpg" to "2.jpg.id[9ECFA84E-3275].[ops@mailc.net].ZOZL".

What kind of application is PowerLane?

We have discovered the PowerLane application while visiting download pages for cracked software and pages displaying fake pop-ups. After examining PowerLane, we found that it is an advertising-supported application that can read browsing history and sensitive information from websites.

What is Shopping Guide?

Discovered by our team while researching deceptive websites, Shopping Guide is an adware-type browser extension. It promises to allow quick access to "the most popular e-commerce company". However, this extension delivers intrusive advertisement campaigns instead.

What kind of page is goldline-updates[.]com?

Goldline-updates[.]com is a rogue website promoting browser notification spam and capable of redirecting visitors to other untrustworthy/harmful pages.

We discovered this site while researching pages that use rogue advertising networks. Redirects caused by such webpages - are also how most users access websites like goldline-updates[.]com.