Virus and Spyware Removal Guides, uninstall instructions

What kind of website is wonderstab.com?

While inspecting a rogue browser extension called Wonders Tab, we discovered the wonderstab.com fake search engine. This extension changes browser settings to endorse (via redirects) the wonderstab.com site. Due to this behavior, Wonders Tab is considered a browser hijacker.

What kind of malware is Veza?

Veza is a ransomware variant from the Djvu family that we discovered during analysis of malware samples uploaded to VirusTotal. We found that apart from encrypting files, Veza appends the ".veza" extension to filenames and generates a text file ("_readme.txt") containing a ransom note.

It is also important to mention that Djvu ransomware is often distributed alongside information stealers like RedLine or Vidar. An example of how Veza modifies filenames: it changes "1.jpg" to "1.jpg.veza", "2.png" to "2.png.veza", and so forth.

What kind of malware is GhosHacker?

Our researchers found GhosHacker ransomware while inspecting new submissions to the VirusTotal platform. This malicious program is identical to BlackSkull ransomware. Malware within this classification encrypts data and demands ransoms for its decryption.

On our test machine, GhosHacker encrypted files and added a ".red" extension to their names. To elaborate, a file initially named "1.jpg" looked like "1.jpg.red", "2.png" like "2.png.red", and so on for all of the locked files. Afterward, the ransomware changed the desktop wallpaper and created a ransom note in a pop-up window.

What is search-it-now.com?

During our analysis of search-it-now.com, we found that it operates as a fake search engine. This fake search engine is identical to searchmarquis.com. It is worth noting that sites like search-it-now.com are often promoted via browser hijackers that change the settings of web browsers.

What kind of malware is OPIX?

Our research team discovered OPIX while investigating new submissions to the VirusTotal website. This malicious program is ransomware – it encrypts files and demands ransoms for their decryption.

Once OPIX was launched on our test machine, it encrypted files and changed their filenames. Original titles were modified to a random character string and appended with a ".OPIX" extension. For example, a filename like "1.jpg" appeared as "Jb9gPY9nDT.OPIX", "2.png" as "i73Kxq9FFg.OPIX", and so on for all of the encrypted files.

After this process was concluded, a ransom note titled "#OPIX-Help.txt" was created. The message therein implies that this ransomware targets companies rather than home users.

What kind of malware is EDHST?

During our inspection of samples on VirusTotal, we discovered a ransomware variant known as EDHST. This malware encrypts files, appends the ".EDHST" extension to filenames, and creates the "HOW TO RECOVER YOUR FILES.txt" file (a ransom note). An example of how EDHST renames files: it changes "1.jpg" to "1.jpg.EDHST", "2.png" to "2.png.EDHST", and so forth.

What kind of page is kokojumjumbobo[.]top?

After examining kokojumjumbobo[.]top, we determined it to be an untrustworthy website employing clickbait tactics to gain permission to send notifications. The site presents misleading content to deceive users into granting such permission. Additionally, kokojumjumbobo[.]top might redirect users to other dubious pages.

What kind of page is lifemnadsnews[.]com?

While browsing questionable sites, our researchers discovered the lifemnadsnews[.]com rogue page. It is designed to push browser notification spam and redirect users to other (likely unreliable/harmful) websites.

Most visitors to lifemnadsnews[.]com and analogous webpages access them via redirects caused by sites utilizing rogue advertising networks. Alternative modes of entry include spam notifications, intrusive ads, misspelled URLs, and installed adware.

What kind of page is getlloydsonline[.]com?

After reviewing getlloydsonline[.]com, we have established that it is an unreliable site that uses a deceptive method to lure visitors into agreeing to receive its notifications. There are numerous examples of similar sites, and users rarely open them on purpose. It is advisable to avoid visiting getlloydsonline[.]com and similar pages.

What kind of page is globalwoldsinc[.]com?

Our researchers found the globalwoldsinc[.]com rogue page while inspecting suspect websites. After analyzing it, we determined that it promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites.

Users primarily access webpages like globalwoldsinc[.]com via redirects caused by websites utilizing rogue advertising networks.