Step-by-Step Malware Removal Instructions

Now-scan.com Ads
Notification Spam

Now-scan.com Ads

While examining websites that use rogue advertising networks, our team came across the now-scan[.]com website. It is a deceptive page running the "McAfee - Your PC is infected with 5 viruses!" scam. Also, now-scan[.]com asks for permission to show notifications. It is an untrustworthy page that sh

Remindexpert.xyz Ads
Notification Spam

Remindexpert.xyz Ads

Remindexpert[.]xyz is a rogue page that our researchers found while inspecting untrustworthy websites. This webpage operates by hosting scams, promoting spam browser notifications, and redirecting visitors to other (likely dubious/malicious) sites. Most users enter websites like remindexpert[.]xy

Quick Site Browser Hijacker
Browser Hijacker

Quick Site Browser Hijacker

While examining deceptive pages, our team has discovered a browser extension called Quick Site. After adding it to a browser, we found that it makes certain changes in the settings. Quick Site hijacks a web browser to promote quicknewtab.com, a fake search engine. Quick Site changes the de

Pcprotect.name Ads
Notification Spam

Pcprotect.name Ads

While looking through dubious webpages, our research team found the pcprotect[.]name rogue site. It promotes scams, pushes browser notification spam, and redirects visitors to other (potentially unreliable/harmful) pages. Users typically enter sites like pcprotect[.]name through redirects caused

Video Player Adware
Adware

Video Player Adware

While inspecting a shady page, our team discovered a browser extension called Video Player. After testing the app, we found that it generates advertisements (it is an advertising-supported application). It is not recommended to have any adware added to a browser, especially if it was downloaded fr

Washedback Ransomware
Ransomware

Washedback Ransomware

Washedback is a piece of malicious software categorized as ransomware. Malware within this category encrypts data and demands ransoms for the decryption. Washedback is part of the Sojusz ransomware family. On our test system, the Washedback program encrypted files and altered their filenames. To

DARKY LOCK Ransomware
Ransomware

DARKY LOCK Ransomware

While analyzing the recently submitted samples to the VirusTotal site, our team discovered DARKY LOCK, which is ransomware. DARKY LOCK encrypts files, appends the ".darky" extension to filenames, and creates a ransom note (the "Restore-My-Files.txt" file). We also found that this ransomware is par

Jjll Ransomware
Ransomware

Jjll Ransomware

Jjll is ransomware that belongs to the Djvu family. It encrypts files and modifies their filenames (it appends the ".jjll" extension to filenames) and drops the "_readme.txt" file/a ransom note. An example of how Jjll modifies filenames: it renames "1.jpg" to "1.jpg.jjll", "2.png" to "2.png.jjll",

Make It Dark Adware
Adware

Make It Dark Adware

Make It Dark is a rogue browser extension that we discovered while inspecting questionable download webpages. This piece of software is promoted as a tool capable of enabling dark mode for browsers. However, our analysis revealed that Make It Dark operates as adware instead. Advertising-su

Findallmoneysurvey.top Ads
Notification Spam

Findallmoneysurvey.top Ads

Findallmoneysurvey[.]top is a rogue webpage that we discovered while inspecting dubious sites. It is designed to load deceptive content, promote browser notification spam, and redirect visitors to different (likely untrustworthy/malicious) websites. Users mostly enter findallmoneysurvey[.]top and