Virus and Spyware Removal Guides, uninstall instructions

What kind of application is Speed Dial?

We have tested the Speed Dial application and found that this app is a browser hijacker designed to promote addonsearch.net (a fake search engine) by changing the web browser's settings. We have discovered Speed Dial while inspecting shady websites (we have downloaded it from a questionable site).

What kind of malware is Makop (Phobos)?

Our malware researchers have discovered a new Phobos ransomware variant while analyzing samples on VirusTotal. While testing this variant, we found that it appends the ".makop" extension (and the victim's ID and back23@vpn.tg email address) to filenames.

There is another ransomware called Makop. It seems that the attackers behind Phobos ransomware use the ".makop" extension to confuse their victims. An example of how this ransomware renames files: it changes "1.jpg" to "1.jpg.id[9ECFA84E-3009].[back23@vpn.tg].makop", "2.jpg" to "2.jpg.id[9ECFA84E-3009].[back23@vpn.tg].makop". It generates two ransom notes: "info.txt" and "info.hta".

What kind of software is Adless Browsing?

We have discovered the Adless Browsing extension on a deceptive website, suggesting that it may be necessary to install a free extension to continue browsing the page. After installing and analyzing Adless Browsing, we have found that it generates advertisements (it functions as adware).

What kind of page is onlinevideoconverter[.]pro?

Onlinevideoconverter[.]pro is a page offering to download videos from YouTube. Our team has tested this site and found that it uses rogue advertising networks - it opens questionable/potentially malicious pages. Another issue with onlinevideoconverter[.]pro is that downloading videos from YouTube is illegal.

What is HopStrem?

While making a routine inspection of rogue websites, our researchers discovered a deceptive webpage promoting the HopStrem browser extension. It promises to improve users' browsing experience by removing pop-ups and other ads. After installing HopStrem onto our test machine, we determined that this piece of software operates as adware.

What kind of page is xervoo[.]net?

Our researchers discovered xervoo[.]net while researching sites using rogue advertising networks. This page loads questionable content, promotes browser notification spam, and redirects visitors to various unreliable and malicious websites.

What is Grind3lwald?

Grind3lwald is a malicious program that we found when researching new submissions on VirusTotal. Having analyzed and researched Grind3lwald, we determined that it is Remote Access Trojan (RAT).

Malware of this type is designed to enable remote access and control over infected devices. RATs usually have a wide variety of malicious functionalities.

What kind of page is youtubemp3[.]to?

Youtubemp3[.]to is a website offering to convert YouTube video links to downloadable audio files. This service is illegal as it breaks copyright laws. Having researched this site, we have noted that youtubemp3[.]to also uses rogue advertising networks. Therefore, visitors to this website can get redirected to various untrustworthy and harmful pages.

What kind of scam is "Clean Up Your Windows PC After Surfing The Web!"?

"Clean Up Your Windows PC After Surfing The Web!" is a pop-up message displayed by a shady website that we have discovered while visiting pages that use shady advertising networks. After analyzing this shady page, we found that it is a technical-support scam designed to trick visitors into calling scammers using the provided number.

What kind of page is 9anime[.]to?

9anime[.]to is an anime streaming website that uses rogue advertising networks and distributes content without permission from the property owners. We have tested this page and seen it opening other websites in a new browser tab. Pretty often, pages that use such advertising networks are used to promote untrustworthy websites.