Step-by-Step Malware Removal Instructions

Eeyu Ransomware
Ransomware

While inspecting malware samples submitted to VirusTotal, we discovered Eeyu, ransomware that belongs to the Djvu family. It encrypts files and appends its extension to filenames. For example, Eeyu renames "1.jpg" to "1.jpg.eeyu", "2.png" to "2.png.eeyu", etc. Also, it drops the

Gnik Ransomware
Ransomware

Gnik is ransomware belonging to the Dharma family. Our team discovered this ransomware while inspecting malware samples submitted to VirusTotal. We found that Gnik prevents victims from accessing their files by encrypting them. It also modifies filenames and provides two ransom notes. Gnik displa

DisLight Adware
Adware

DisLight is a rogue browser extension that our researchers discovered while inspecting dubious software-promoting websites. This extension promises to enable dark mode for simple design webpages. Instead, it operates as advertising-supported software (adware). Adware enables the placement

CoolADSBlockSearch Browser Hijacker
Browser Hijacker

CoolADSBlockSearch is a rogue browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker. CoolADSBlockSearch modifies browser settings to promote the cooladsblocksearch.com fake search engine. CoolADSBlockSearch reassigns browsers' homep

DHL Express - CONFIDENTIALITY NOTICE Email Scam
Phishing/Scam

Our inspection of the "DHL Express - CONFIDENTIALITY NOTICE" email uncovered that it is spam. This mail operates as a phishing scam. The letter is presented as a confidential message that recipients can access by providing their email account credentials. It must be emphasized that these emails a

Protect-data-2022.xyz Ads
Notification Spam

Our researchers discovered the protect-data-2022[.]xyz rogue site while investigating suspicious webpages. This page operates by promoting scams, pushing browser notification spam, and redirecting visitors to other (likely unreliable/malicious) websites. Most users access pages like protect-data-

ClickDark Adware
Adware

After testing the ClickDark application, our team learned that it shows annoying advertisements. Therefore, we classified ClickDark as adware. We discovered this app while examining deceptive websites offering/instructing us to download supposedly useful (or required) browser extensions. C

Scam Ransomware
Ransomware

While inspecting new submissions to VirusTotal, our research team discovered a ransomware-type program called Scam. It is yet another one based on the Chaos ransomware. On our test machine, the Scam ransomware encrypted files and appended a ".scam" extension to their filenames. For example, a f

QueueBuffer Adware (Mac)
Mac Virus

QueueBuffer is a piece of rogue software that our researchers discovered while inspecting new submissions to VirusTotal. Analyzing this app revealed that it operates as adware. Additionally, QueueBuffer belongs to the AdLoad malware family. Adware is designed to enable the placement of t

FirstKill Ransomware
Ransomware

While examining malware samples submitted to VirusTotal, our team discovered FirstKill, ransomware that encrypts files. It is used to blackmail victims by demanding payment for a decryption tool. FirstKill not only encrypts but also renames files (appends the ".FirstKill" extension), changes t