Virus and Spyware Removal Guides, uninstall instructions

What kind of software is TaskSample?

We have discovered the TaskSample application after using a fake installer downloaded from a deceptive website. During our analysis, we have found that TaskSample has the qualities of adware - it displays unwanted advertisements. Software of this type is not trustworthy.

What is the "Important Update From Mail Server Registrar"?

"Important Update From Mail Server Registrar" is the name of a phishing email received and analyzed by our research team. This letter makes false claims about incoming/outgoing mail being suspended and urges recipients to resolve the issue. This spam letter aims to trick recipients into revealing their email account log-in credentials.

What kind of app is Top Movies Links | Digital Content Online?

We have downloaded and tested the Top Movies Links | Digital Content Online app and found that it has the qualities of a browser hijacker. It promotes a fake search engine (the topmovieslinks.com address) by changing the settings of a web browser. We have discovered this browser-hijacking app while examining deceptive sites.

What kind of application is PickMySearch?

Our team has discovered the PickMySearch application while checking deceptive websites. We have tested this app and found that it is a browser hijacker that promotes a fake search engine (pickmysearch.com) by changing the setting of the affected browser. Apps of this type cannot be trusted.

What kind of page is news-caloto[.]cc?

News-caloto[.]cc is a rogue website designed to push browser notification spam. It can also redirect visitors to other dubious/malicious webpages.

Our researchers discovered news-caloto[.]cc while analyzing sites that use rogue advertising networks. Redirects caused by the aforementioned pages is how most user access news-caloto[.]cc and similar websites.

What is Bkgwmu ransomware?

Bkgwmu is a ransomware-type program our researchers discovered when inspecting new submissions on VirusTotal. We determined that his malicious program belongs to the Snatch ransomware family.

On our test machine, Bkgwmu encrypted files and appended their filenames with a ".bkgwmu" extension. To elaborate, a file initially titled "1.jpg" appeared as "1.jpg.bkgwmu", "2.jpg" as "2.jpg.bkgwmu", etc.

Once the encryption process was completed, this ransomware dropped a ransom note named "HOW TO RESTORE YOUR FILES.TXT" onto the desktop. Based on this message, we can conclude that Bkgwmu targets companies rather than home users.

What is Routes adware?

Discovered by our researchers while inspecting software "cracking" websites, Routes is the name of an adware-type application. Advertising-supported software (adware) is designed to run intrusive advertisement campaigns. We have also observed Routes being installed alongside a fake Google Translate browser extension.

What kind of page is financesurvey24[.]space?

During a routine inspection of rogue websites, our research team discovered the financesurvey24[.]space site. This page loads dubious content, promotes browser notification spam, and redirects visitors to other unreliable/harmful webpages. Most users access sites like financesurvey24[.]space via redirects caused by pages using rogue advertising networks.

What kind of application is remain dark?

We have discovered the remain dark browser extension while examining deceptive websites. After downloading and testing the app, we learned that it hijacks a web browser by changing certain settings to 87nzaa.com (a fake search engine). It is advertised as an app providing a dark mode for web browsers.

What is TargetCompany ransomware?

TargetCompany is a ransomware-type program that we have analyzed and researched. It is leveraged against companies rather than home users. We have also analyzed the following programs that belong to this ransomware family - Architek, Mallox, Tohnichi, Herrco, and Newexploit.

This ransomware appends the names of encrypted files with extensions that are the affected company's name or relate to it. Observed examples include - ".artiis", ".brg", ".mallox", ".architek", ".tohnichi", ".herrco", ".consultransom", ".avast", and others. After this malware completes the encryption, it creates a ransom note titled "How to decrypt files.txt".

TargetCompany is a decryptable ransomware. Avast has released free decryptors (32bit and 64bit) for it; the decryption instructions can be found in an article on decoded.avast.io website.