Virus and Spyware Removal Guides, uninstall instructions

What kind of website is adroadlinks[.]com?

We have discovered adroadlinks[.]com while visiting websites that use rogue advertising networks (such as illegal movie streaming, torrent sites). After examining adroadlinks[.]com, we learned that this page displays deceptive content and asks for permission to show untrustworthy notifications.

What is Blocker ransomware?

Our researchers discovered Blocker ransomware on VirusTotal. While analyzing the ransomware sample we found that it encrypts files and appends them with the ".blocker" extension. For example, a filename like "1.jpg" appeared as "1.jpg.blocker", "2.jpg" as "2.jpg.blocker", and so on. Once the encryption was finished, Blocker created a ransom note named "#Decrypt#.txt".

What is LinkGraph Analysis?

LinkGraph Analysis is the name of a browser extension endorsed as a tool that allows users to check their websites' SEO (Search Engine Optimization) and provides a comprehensive support link analysis. After installing this piece of software onto our test system, we determined that LinkGraph Analysis is an adware-type browser extension.

What is Shiny Tab?

Shiny Tab is a rogue browser extension promising various functionalities, such as browser wallpapers, light/dark and fullscreen modes. When we analyzed this piece of software, we observed it modifying browser settings and promoting the search.shinytab.com fake search engine. This behavior classifies Shiny Tab as a browser hijacker.

What kind of page is gapscult[.]com?

Detected when our research team was investigating untrustworthy websites, gapscult[.]com is a rogue page designed to load dubious content, promote spam browser notifications, and redirect visitors to other suspect/malicious sites. Websites like gapscult[.]com are typically accessed via others that use rogue advertising networks.

What is Laposada ransomware?

Laposada is the name of a ransomware-type program our researchers found when doing a routine check into new VirusTotal submissions.

When we ran the sample on our test machine, the malware encrypted files and appended them with a ".laposada-bfkruyz" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.laposada-bfkruyz" afterwards.

Once the encryption was completed, Laposada created a ransom note titled "!!laposada_howtodecipher.inf" on the desktop. Based on this message, we can conclude that this ransomware is intended for companies rather than home users.

What is NetworkBeta?

NetworkBeta is the name of a rogue application. After testing a sample, we have determined that it is an adware-type app belonging to the AdLoad malware family. While we have not observed NetworkBeta using browser hijacker abilities, our experience with AdLoad applications lets us presume that it may have them.

What kind of application is CoolMapSearch?

We have tested the CoolMapSearch application and learned that it is a browser hijacker that changes the web browser's settings to promote the coolmapsearch.com address (a fake search engine). Our team has analyzed plenty of browser-hijacking apps and noticed that a big part of them is promoted/distributed using questionable methods.

What is Mercurial grabber malware?

While analyzing the Mercurial grabber, we have found that it is a piece of malware that steals browser data and files from Minecraft and Discord. We also learned that Mercurial grabber is written in C# programming language and uses a simple anti-debugging technique to avoid being analyzed/detected.

What is NARUMI ransomware?

NARUMI is the name of a ransomware-type program, which our researchers found when reviewing new malware submissions on VirusTotal.

When testing the sample, we learned that this ransomware encrypts files (renders them inaccessible) and renames their filenames by appending them with a ".NARUMI" extension. For example, a file initially titled "1.jpg" appears as "1.jpg.NARUMI", "2.jpg" as "2.jpg.NARUMI", etc. After the encryption is complete, we found that NARUMI drops a ransom note - "RESTORE_FILES_INFO.txt" - onto the desktop.