Virus and Spyware Removal Guides, uninstall instructions

Zzla Ransomware

What is Zzla ransomware?

Zzla is a piece of malicious software belonging to the Djvu ransomware group. This malware encrypts data and demands payment for the decryption tools. In other words, files affected by Zzla ransomware are rendered inaccessible/unusable, and victims are asked to pay for the access/use recovery.

During the encryption process, files are appended with the ".zzla" extension. For example, a file originally titled "1.jpg" would appear as "1.jpg.zzla", "2.jpg" as "2.jpg.zzla", and so forth. After this process is complete, ransom notes named "_readme.txt" are dropped into compromised folders.

   
Notify.tk Ads

What is the notify[.]tk webpage?

Notify[.]tk is the address of a rogue website. It operates by loading dubious material and/or redirecting visitors to other unreliable/malicious sites. There are thousands of such webpages online; allhugenewz.com, videoplayernow.com, and zpreland.com are just some examples.

Users rarely access rogue websites intentionally. Most get redirected to them by other pages, intrusive adverts, or installed PUAs (Potentially Unwanted Applications).

These apps can infiltrate systems without user permission. PUAs are designed to cause redirects, run intrusive advert campaigns, and gather browsing-related information.

   
AES64 Ransomware

What is AES64?

Ransomware is a type of malicious software that encrypts files to make them inaccessible to victims. Cybercriminals behind ransomware attacks profit from payments that victims make to decrypt files.

AES64 encrypts and renames files and generates a ransom note: it appends the ".AES64" extension to filenames, displays a pop-up window, and creates the "___RECOVER__FILES__.AES64.txt" file. For example, it renames a file named "1.jpg" to "1.jpg.AES64", "2.jpg" to "2.jpg.AES64", and so forth.

   
Kaseya Email Virus

What is "Kaseya email virus"?

"Kaseya email virus" is the name of a malware-spreading spam campaign. The term "spam campaign" is used to describe a large-scale operation during which thousands of deceptive emails are sent.

The letters distributed through this campaign urge recipients to install an update from "Microsoft" to fix a vulnerability present in Kaseya customers' networks. Kaseya are legitimate developers of software designed to manage networks, systems, and information technology infrastructure.

It must be emphasized that these scam emails are in no way associated with either Kaseya Limited or the Microsoft Corporation. This spam campaign aims to exploit the July 2021 ransomware incident that affected Kaseya and its customers.

These fake letters proliferate the Cobalt Strike malicious program, which possesses data-stealing abilities and can cause chain infections.

   
Process The Order Attached Email Scam

What is Process the order attached email scam?

Usually, scammers use phishing emails to trick recipients into providing personal information. It is common that emails of this type contain a link to a deceptive website asking to enter login credentials, credit card details, social security numbers, or other information.

It is important to mention that phishing emails usually are disguised as official letters from legitimate companies or other entities. However, scammers behind them do not have anything to do with the companies they pretend to be.

   
ATLAS AL SHARQ TRADING Email Virus

What is "ATLAS AL SHARQ TRADING email virus"?

"ATLAS AL SHARQ TRADING email virus" refers to a malware-spreading spam campaign. The term "spam campaign" defines a mass-scale operation during which thousands of deceptive/scam emails are sent.

The letters distributed through this campaign are disguised as mail from Atlas Al Sharq Trading Establishment - an industrial equipment supplier based in the United Arab Emirates. The aim of these scam emails is to infect recipients' systems with FormBook malware.

   
Allhugenewz.com Ads

What is allhugenewz[.]com?

Allhugenewz[.]com is one of the pages designed to promote untrustworthy (in some cases, legitimate) websites or load questionable content; its functionality depends on the geolocation of the visitor. Some examples of other pages like allhugenewz[.]com are zpreland[.]com, reverscaptcha[.]com, and 1video-online[.]me.

It is worth mentioning that users do not visit pages like allhugenewz[.]com by themselves - they get opened through shady advertisements, pages, or potentially unwanted applications (PUAs) installed on browsers or computers.

   
Dev0 Ransomware

What is Dev0 ransomware?

Dev0 is the name of a malicious program that is part of the Makop ransomware family. Following successful infiltration, this malware renders files inaccessible by encrypting them in order to make ransom demands for the decryption (i.e., access recovery).

During the encryption process, affected files are retitled after this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and ".dev0" extension. For example, once encrypted, a file initially named "1.jpg" would appear as something similar to "1.jpg.[9B83AE23].[xdatarecovery@msgsafe.io].dev0". Additionally, ransom notes named "readme-warning.txt" are dropped into compromised folders.

   
Bom Ransomware

What is Bom ransomware?

Ransomware is a type of malware cybercriminals use to prevent victims from accessing their files. It makes files inaccessible/unusable by encrypting them and generates a ransom note (or multiple ransom notes).

Bom encrypts files and modifies their filenames by appending the tormented.soul@tuta.io email address, a string of random characters, and the ".bom" extension. For example, it renames a file named "1.jpg" to "1.jpg.[tormented.soul@tuta.io][MJ-KB3756421908].bom", "2.jpg" to "2.jpg.[tormented.soul@tuta.io][MJ-KB3756421908].bom", and so on.

This ransomware is part of the VoidCrypt family. To provide instructions on how to contact cybercriminals behind it, Bom creates a text file named "Scratch".

   
IndexerProject Adware (Mac)

What is IndexerProject?

IndexerProject is a piece of rogue software categorized as adware. It also has browser hijacker qualities.

Following successful installation, this app runs intrusive advert campaigns and promotes fake search engines (through modifications to browser settings). Additionally, IndexerProject has data tracking abilities.

Most adware-type apps and browser hijackers are installed inadvertently; hence, they are also classified as PUAs (Potentially Unwanted Applications).

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
