Virus and Spyware Removal Guides, uninstall instructions

What is NetworkBeta?

NetworkBeta is the name of a rogue application. After testing a sample, we have determined that it is an adware-type app belonging to the AdLoad malware family. While we have not observed NetworkBeta using browser hijacker abilities, our experience with AdLoad applications lets us presume that it may have them.

What kind of application is CoolMapSearch?

We have tested the CoolMapSearch application and learned that it is a browser hijacker that changes the web browser's settings to promote the coolmapsearch.com address (a fake search engine). Our team has analyzed plenty of browser-hijacking apps and noticed that a big part of them is promoted/distributed using questionable methods.

What is Mercurial grabber malware?

While analyzing the Mercurial grabber, we have found that it is a piece of malware that steals browser data and files from Minecraft and Discord. We also learned that Mercurial grabber is written in C# programming language and uses a simple anti-debugging technique to avoid being analyzed/detected.

What is NARUMI ransomware?

NARUMI is the name of a ransomware-type program, which our researchers found when reviewing new malware submissions on VirusTotal.

When testing the sample, we learned that this ransomware encrypts files (renders them inaccessible) and renames their filenames by appending them with a ".NARUMI" extension. For example, a file initially titled "1.jpg" appears as "1.jpg.NARUMI", "2.jpg" as "2.jpg.NARUMI", etc. After the encryption is complete, we found that NARUMI drops a ransom note - "RESTORE_FILES_INFO.txt" - onto the desktop.

What kind of page is centredirect[.]net?

Centredirect[.]net is a deceptive website that has been discovered by our team while testing various torrent, illegal streaming, and similar pages (websites that use rogue advertising networks). We found that the purpose of centredirect[.]net is to trick visitors into allowing it to display notifications and redirect them to shady websites.

What is Chrome Protect — Smart Search?

We have discovered the Chrome Protect — Smart Search application while examining various deceptive websites (a screenshot of one of these pages can be found below). After downloading and executing its installer, we have noticed that it has hijacked a web browser by changing its settings.

What kind of malware is Asistchinadecryption?

We have analyzed the Asistchinadecryption ransomware (which was discovered by our malware researchers while examining samples submitted to VirusTotal) and discovered that it encrypts files and appends ".asistchinadecryption" and the victim's ID to filenames.

For example, Asistchinadecryption renames "1.jpg" to "1.jpg.asistchinadecryption .C04-41D-05E", "2.jpg" to "2.jpg.asistchinadecryption .C04-41D-05E". Also, it creates the "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT" file (a ransom note). We also found out that Asistchinadecryption is part of the ZEPPELIN ransomware family.

What kind of website is finkeapp[.]com?

Our team has examined finkeapp[.]com and found that it uses a clickbait technique to get permission to show notifications and redirects dubious pages. We have discovered this website while visiting pages that use questionable advertising networks. Finkeapp[.]com is similar to aucfuu[.]com, louses[.]net, topraw[.]net, and plenty of other pages.

What kind of malware is ELBOW?

Our malware researchers have discovered the ELBOW ransomware while testing the samples submitted to VirusTotal. We found out that ELBOW is part of the Phobos ransomware family. While testing it, we learned that it encrypts and renames files and provides two ransom notes (in the "info.txt" file and a pop-up window).

An example of how ELBOW has encrypted files: it renamed "1.jpg" to "1.jpg.id[9ECFA84E-3143].[UNKNOWNTEAM@criptext.com].ELBOW", "2.jpg" to "2.jpg.id[9ECFA84E-3143].[UNKNOWNTEAM@criptext.com].ELBOW". It appended the victim's ID, email address and the ".ELBOW" extension to filenames.

What kind of malware is Maak?

While testing the samples submitted to VirusTotal, we discovered that Maak is ransomware that belongs to Djvu family. We found that Maak encrypts files, appends the ".maak" extension to filenames (for example, it changes "1.jpg" to "1.jpg.maak", "file.txt" to "file.txt.maak"), and creates a text file ("_readme.txt") that contains a ransom note.