Virus and Spyware Removal Guides, uninstall instructions

What kind of page is ewdownt[.]club?

Ewdownt[.]club uses a clickbait technique to trick visitors into agreeing to receive notifications. Also, ewdownt[.]club can redirect visitors to potentially malicious pages. Ewdownt[.]club should not be visited and allowed to deliver notifications. There are many similar pages, for example, umhiswh[.]club, yourcoolfeed[.]com, news-befuka[.]cc.

What is "DPD Lietuva" email virus?

"DPD Lietuva email virus" refers to a malware-spreading spam campaign targeting Lithuanian users. The spam emails are disguised as delivery notifications from DPD Lietuva - the Lithuanian branch of DPDgroup, an international parcel delivery service network.

It must be emphasized that these emails are in no way associated with DPDgroup. This scam mail aims to infect recipients' systems with malware through the virulent attachments distributed through them.

What kind of malware is 1ohe?

1ohe is a new variant of the Spora ransomware. This variant encrypts files, modifies filenames, and generates two ransom notes ("ReadMe_Now!.hta" and "Read_Me!_.txt"). 1ohe appends the victim's ID, filesrecoveren@onionmail.org email address, and ".1ohe" extension to filenames.

For example, it renames "1.jpg" to "1.jpg[ID=39C73m-Mail=FilesRecoverEN@Gmail.com].1ohe", "sample.jpg" to "sample.jpg[ID=39C73m-Mail=FilesRecoverEN@Gmail.com].1ohe", and so on.

What is ActiveOptimization?

ActiveOptimization is a rogue app with adware and browser hijacker traits. Furthermore, software products of this type are also classified as PUAs (Potentially Unwanted Applications).

What kind of page is luckydatingspot[.]top?

Luckydatingspot[.]top asks for permission to show notifications and redirects to questionable websites. It is an untrustworthy website similar to linkwinners[.]net, yourcoolfeed[.]com, news-befuka[.]cc, and many more. Users do not visit/open these pages on purpose.

What kind of malware is Wuxia?

Wuxia ransomware is malware that employs encryption to make files inaccessible. Like most ransomware variants, Wuxia renames files and provides instructions on how to contact the attackers. It generates two ransom notes: "Decryption-Guide.txt" and "Decryption-Guide.hta". Wuxia is part of the VoidCrypt ransomware family.

Wuxia appends victims's ID, hushange_delbar@outlook.com email address and the ".wuxia" extension to filenames. For example, it renames "1.jpg" to "1.jpg,(MJ-CT2790561438)(Hushange_delbar@outlook.com).wuxia", "sample.jpg" to "sample.jpg,(MJ-CT2790561438)(Hushange_delbar@outlook.com).wuxia".

What is linkwinners[.]net?

Linkwinners[.]net is a rogue site sharing similarities with yourcoolfeed.com, news-befuka.cc, ourcoolstories.com, captcharesolverhere.top, and countless others. This website loads dubious content, pushes its browser notifications, and/or redirects visitors to various (likely untrustworthy or malicious) pages.

Users are typically redirected to rogue sites by suspect webpages, intrusive ads, or installed PUAs (Potentially Unwanted Applications).

What is ALPHV (BlackCat) ransomware?

ALPHV (BlackCat) is a sophisticated ransomware-type program written in the Rust programming language. This program is used in Ransomware-as-a-Service (RaaS) operations.

Malware of this type encrypts data (locks files) and demands payment for the decryption. Typically, these malicious programs rename encrypted files by appending them with specific extensions. However, since ALPHV (BlackCat) is offered as RaaS - its extensions, ransom note filenames (e.g., "GET IT BACK-[file_extension]-FILES.txt") and their contents - vary due to the different cyber criminals involved.

For example, files could be appended with an extension similar to ".bzeakde" (hence, a file named "1.jpg" would appear as "1.jpg.bzeakde", etc.) and then drop a ransom-demanding message titled "GET IT BACK-bzeakde-FILES.txt".

What kind of page is umhiswh[.]club?

Umhiswh[.]club is a deceptive website designed to trick visitors into agreeing to receive its notifications. Also, this page redirects visitors to other untrustworthy web pages. It shares these qualities with news-befuka[.]cc, hrougthatsidh[.]club, paymentsweb[.]org and plenty of other pages.

What kind of malware is BLOCK?

BLOCK is one of the ransomware variants belonging to the Xorist family. This variant encrypts files and appends the ".BLOCK" extension to their filenames. For instance, it renames "1.jpg" to "1.jpg.BLOCK", "sample.png" to "sample.png.BLOCK". BLOCK ransomware creates the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" file as its ransom note.