Virus and Spyware Removal Guides, uninstall instructions

What is Qqqe?

Qqqe is a ransomware-type program designed to encrypt data and make ransom demands for the decryption. While analyzing it, we learned that it is yet another program belonging to the Djvu ransomware family.

On our test machine, it encrypted files and appended them with the ".qqqe" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.qqqe", "2.jpg" as "2.jpg.qqqe", and so on. Once this process was completed, Qqqe created a ransom note named "_readme.txt".

What kind of malware is Yoqs?

We have discovered Yoqs while inspecting various download pages for cracked software. Our malware researchers have tested the ransomware sample and found that it is part of the Djvu ransomware family. The Yoqs ransomware encrypts files, appends the ".yoqs" extension to filenames, and provides a ransom note (creates the "_readme.txt" file).

An example of how Yoqs ransomware changes filenames is it renames a file named "1.jpg" to "1.jpg.yoqs", "document.txt" to "document.txt.yoqs".

What kind of page is worldfreshblog[.]com?

Our research team found worldfreshblog[.]com when researching rogue websites. This site is designed to push browser notification spam, but it may also load dubious material and/or redirect visitors to other untrustworthy and harmful webpages.

Most visitors to worldfreshblog[.]com and similar websites access them inadvertently via other pages that use rogue advertising networks.

What is Punisher Miner?

During a routine review of new malware submissions on VirusTotal, we found the Punisher Miner cryptominer. Our research revealed that this malicious program is designed to mine Monero, Toncoin, and Ravencoin cryptocurrencies.

What is FaceStealer?

When looking into new submissions on VirusTotal, we found FaceStealer - an Android-specific trojan. This malware operates as a Facebook social networking account log-in credential stealer. Our research revealed that it is proliferated under the guise of various popular Android applications.

What kind of page is coolingcola[.]com?

Coolingcola[.]com is a website that we have discovered while inspecting pages that use questionable advertising networks. At the time of the research, coolingcola[.]com was promoting a scam offering to win the iPhone 12 mini and asked for permission to show notifications.

What is the Tone application?

After installing the Tone application onto a test system, our research team discovered that it operates as advertising-supported software (adware). To elaborate, this rogue app delivered various advertisements.

What kind of application is Esperanto Dictionary?

We have discovered Esperanto Dictionary while looking for deceptive websites offering to download and install questionable applications. After testing Esperanto Dictionary, we concluded that it is an adware-type application that generates advertisements and can read data on all visited pages.

What is DazzleSpy?

DazzleSpy is a backdoor-type malware, which our researchers sampled from ESET's WeLiveSecurity community website. After analyzing this piece of malicious software, we concluded that it is capable of receiving/executing commands and extracting files from the infected device. At the time of writing, DazzleSpy had been observed being used for geopolitically-motivated attacks.

What kind of page is new-message-service[.]com?

New-message-service[.]com is an untrustworthy website that we have discovered while examining illegal streaming, torrent sites, and similar pages that use questionable advertising networks. We found that the purpose of new-message-service[.]com is to get permission to show notifications and redirect visitors to other shady websites.