Virus and Spyware Removal Guides, uninstall instructions

What kind of page is news-caloto[.]cc?

News-caloto[.]cc is a rogue website designed to push browser notification spam. It can also redirect visitors to other dubious/malicious webpages.

Our researchers discovered news-caloto[.]cc while analyzing sites that use rogue advertising networks. Redirects caused by the aforementioned pages is how most user access news-caloto[.]cc and similar websites.

What is Bkgwmu ransomware?

Bkgwmu is a ransomware-type program our researchers discovered when inspecting new submissions on VirusTotal. We determined that his malicious program belongs to the Snatch ransomware family.

On our test machine, Bkgwmu encrypted files and appended their filenames with a ".bkgwmu" extension. To elaborate, a file initially titled "1.jpg" appeared as "1.jpg.bkgwmu", "2.jpg" as "2.jpg.bkgwmu", etc.

Once the encryption process was completed, this ransomware dropped a ransom note named "HOW TO RESTORE YOUR FILES.TXT" onto the desktop. Based on this message, we can conclude that Bkgwmu targets companies rather than home users.

What is Routes adware?

Discovered by our researchers while inspecting software "cracking" websites, Routes is the name of an adware-type application. Advertising-supported software (adware) is designed to run intrusive advertisement campaigns. We have also observed Routes being installed alongside a fake Google Translate browser extension.

What kind of page is financesurvey24[.]space?

During a routine inspection of rogue websites, our research team discovered the financesurvey24[.]space site. This page loads dubious content, promotes browser notification spam, and redirects visitors to other unreliable/harmful webpages. Most users access sites like financesurvey24[.]space via redirects caused by pages using rogue advertising networks.

What kind of application is remain dark?

We have discovered the remain dark browser extension while examining deceptive websites. After downloading and testing the app, we learned that it hijacks a web browser by changing certain settings to 87nzaa.com (a fake search engine). It is advertised as an app providing a dark mode for web browsers.

What is TargetCompany ransomware?

TargetCompany is a ransomware-type program that we have analyzed and researched. It is leveraged against companies rather than home users. We have also analyzed the following programs that belong to this ransomware family - Architek, Mallox, Tohnichi, Herrco, and Newexploit.

This ransomware appends the names of encrypted files with extensions that are the affected company's name or relate to it. Observed examples include - ".artiis", ".brg", ".mallox", ".architek", ".tohnichi", ".herrco", ".consultransom", ".avast", and others. After this malware completes the encryption, it creates a ransom note titled "How to decrypt files.txt".

TargetCompany is a decryptable ransomware. Avast has released free decryptors (32bit and 64bit) for it; the decryption instructions can be found in an article on decoded.avast.io website.

What is "Your eMail account will be disconnected" email?

The "Your eMail account will be disconnected" email is a new find by our research team. Having inspected this letter, we determined that it is a phishing email. It targets recipients' email credentials with false claims about their accounts' impending suspension.

What is "Closing Of Email Address Notice !" email scam?

We have examined this email and concluded that scammers behind it attempt to trick recipients into providing their email account login credentials. Scammers disguised the email as a letter regarding email account deactivation/request for account deactivation.

What is UpdaterWebPageEducate?

UpdaterWebPageEducate is an adware-type app that our researchers found when inspecting new submissions to VirusTotal. We have determined that this piece of software belongs to the AdLoad malware family.

What is the "Web Access for the 2022 version" email?

After analyzing the "Web Access for the 2022 version" email, our researchers determined that it is a phishing scam. This letter attempts to trick recipients into providing their email account log-in credentials to a phishing website, thereby allowing the scammers access/control over the account.