Virus and Spyware Removal Guides, uninstall instructions

What is Nwgen ransomware?

Our researchers found Nwgen while inspecting new submissions to VirusTotal. This malicious program is categorized as ransomware.

On our test system, Nwgen encrypted files and appended their filenames with a ".nwgen" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.nwgen", "2.jpg" as "2.jpg.nwgen", "1.docx" - "1.docx.nwgen", and so on for all of the encrypted files.

Afterwards, a ransom note - "How To Restore Your Files.txt" - was dropped onto the desktop. Based on this message, we can conclude that this ransomware is targeted at companies rather than home users. In some cases, these messages are tailored in accordance with the infection details; hence, the contents may vary from victim to victim.

What is DynamicGrid?

DynamicGrid is an application that our researchers classified as advertising-supported software (adware). Additionally, they have determined that DynamicGrid belongs to the AdLoad malware family.

What is myhugewords[.]com?

Myhugewords[.]com is a deceptive website designed to trick visitors into agreeing to receive notifications. We have discovered myhugewords[.]com while examining various illegal movie streaming, torrent, and other sites that use shady advertising networks. Websites of this type rarely are visited on purpose.

What is Qnty ransomware?

Qnty is a piece of malicious software classified as ransomware; it is designed to encrypt data and demand payment for the decryption. After obtaining a sample from VirusTotal, our researchers determined that Qnty belongs to the Djvu ransomware family.

On our test machine, this malicious program encrypted files and appended their filenames with a ".qnty" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.qnty", "2.jpg" as "2.jpg.qnty", and so on. Once the encryption process was completed, a ransom-demanding message - "_readme.txt" - was created.

What kind of malware is Kl?

Our malware researchers have discovered the Kl ransomware on VirusTotal (while checking for recently submitted malware samples). They have learned that Kl is part of the Dharma ransomware family. It encrypts files and appends the victim's ID, filekiller@onionmail.org email address, and the ".kl" extension to filenames.

For example, Kl renames "1.jpg" to "1.jpg.id-9ECFA84E.[filekiller@onionmail.org].kl", "document.txt" to "document.txt.id-9ECFA84E.[filekiller@onionmail.org].kl". Also, it displays a pop-up window and creates a text file named "info.txt". Both of them contain a ransom note.

What kind of page is see-what-is-buzzing[.]com?

See-what-is-buzzing[.]com is a rogue website designed to load dubious content, promote browser notification spam, and redirect visitors to other untrustworthy/harmful pages.

Our research team discovered it while inspecting websites that use rogue advertising networks; redirects caused by such webpages are how most users access see-what-is-buzzing[.]com and similar sites.

What is Godox ransomware?

Godox is a ransomware-type program that our research team discovered while inspecting new submissions to VirusTotal. Additionally, we have determined that this piece of malicious software belongs to the VoidCrypt ransomware family.

After this ransomware was released onto our test system, it encrypted files and appended their filenames with a unique ID, the cyber criminals' email address, and a ".godox" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.(MJ-VR2865390471)(Folperdock@gmail.com).Godox".

Following the completion of the encryption process, Godox dropped ransom notes - "Decryption-Guide.HTA" and "Decryption-Guide.txt" - onto the desktop.

What is the "Notification Of DHL Shipment" email?

Our researchers determined that "Notification Of DHL Shipment" is a spam email. It is not associated with DHL - the logistics and delivery company; cyber criminals merely use the name to trick recipients into falling for the phishing scam. This fake notification targets email account log-in credentials through a phishing file attached to it.

What is Ccps ransomware?

During a routine inspection of new submissions to VirusTotal, our research team found another malicious program belonging to the Djvu ransomware family. It is called Ccps, and it is designed to encrypt data and demand payment for the decryption.

On our test machine, this ransomware encrypted files and appended their titles with a ".ccps" extension, e.g., a file initially named "1.jpg" appeared as "1.jpg.ccps", "2.jpg" as "2.jpg.ccps", etc. Once this process was completed, a ransom note - "_readme.txt" - was created.

What kind of page is pushnott[.]com?

We have found out about the pushnott[.]com website after visiting sites (illegal movie streaming, torrent sites) that use shady advertising networks. Our team has analyzed pushnott[.]com and learned that it attempts to get permission to show notifications and redirects to similar pages.