Virus and Spyware Removal Guides, uninstall instructions

What kind of page is meovideo[.]ru?

We have discovered the meovideo[.]ru while visiting illegal movie streaming, adult dating, torrent, and similar sites that use questionable advertising networks. After examining meovideo[.]ru, we learned that it displays deceptive content to trick visitors into agreeing to receive untrustworthy notifications.

What is BestMusicSearches?

BestMusicSearches is a rogue browser extension. After analyzing it, our researchers classified it as a browser hijacker. BestMusicSearches operates by modifying browser settings to promote (via redirects) the bestmusicsearches.com fake search engine.

What kind of malware is BATLOADER?

BATLOADER is part of the infection chain where it is used to perform the initial compromise. This malware is used to execute payloads like Ursnif. Our team has discovered BATLOADER after executing installers for legitimate software (such as Zoom, TeamViewer Visual Studio) bundled with this malware. We have found those installers on compromised websites.

What is Power Off adware?

Power Off is a rogue application supposedly capable of managing program processes, e.g., launching, scheduling, restarting, shutting down, etc. Our researchers determined that this piece of software operates as advertising-supported software (adware) - by running intrusive advertisement campaigns.

What is 360 ransomware?

Discovered by Boanbird, 360 is the name of a ransomware-type program. When we launched a sample on our test system, it encrypted files and appended their filenames with the ".360" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.360", "2.jpg" as "2.jpg.360", and so on. Once the encryption process was completed, this ransomware created a ransom note - "!_INFO.txt" - on the desktop.

What kind of page is worldcoolfeed[.]com?

Worldcoolfeed[.]com is a deceptive website that we have discovered while examining torrent, illegal movie streaming, and similar sites that use questionable advertising networks. We found that the purpose of worldcoolfeed[.]com is to trick visitors into allowing it to show notifications and redirect them to other pages.

What is Gomorrah?

Gomorrah is an information-stealing malware. We obtained a sample from VirusTotal and subsequently analyzed this malicious program. We discovered that it primarily targets account credentials and credit card numbers.

What is Cat4er ransomware?

During a routine inspection of new malware submissions to VirusTotal, our research team found the Cat4er ransomware.

When a sample was launched on our test machine, this malware encrypted files and appended them with the ".Cat4er" extension. For example, a filename like "1.jpg" appeared as "1.jpg.Cat4er" after encryption. Once this process was completed, Cat4er dropped a ransom note - "HOW_FIX_FILES.htm" - onto the desktop.

What kind of address is chillsearch.xyz?

The chillsearch.xyz address (a fake search engine) became known to us after using a couple of fake Adobe Flash Player installers downloaded from deceptive websites. We have found that those installers hijacked a web browser - our browser opened chillsearch.xyz every time we entered a search query into the URL bar.

What is Bar1 New Tab?

Bar1 New Tab is a browser hijacker. After analyzing this piece of software, our researchers determined that it modifies browser settings to promote the barone.live fake search engine. Additionally, Bar1 New Tab spies on users' browsing activity.