Virus and Spyware Removal Guides, uninstall instructions
What kind of malware is ZEPPELIN?
Discovered by GrujaRS, ZEPPELIN is a malicious program and a variant of Buran ransomware. Systems infected with this malware have their data encrypted so that the cyber criminals behind the infection can demand payment for decryption tools/software.
During the encryption process, ZEPPELIN appends filenames with a randomized extension, using the hexadecimal numeral system (e.g. ".126-D7C-E67"). For example, "1.jpg" might appear as something similar to "1.jpg.126-D7C-E67", and so on for all affected files. Additionally, it adds filemarkers ("ZEPPELIN") to the encrypted files. After this process is finished, a text file called "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT" is stored on the desktop.
What is DesktopInput?
DesktopInput is an adware-type app with browser hijacker traits. It operates by delivering intrusive advertisement campaigns and promoting fake search engines through modifications to browser settings. Additionally, such software usually has data tracking abilities.
Due to the questionable methods used to distribute adware and browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications). DesktopInput has been observed being spread via fake Adobe Flash Player updates. It is noteworthy that fraudulent updaters/installers are used to proliferate PUAs and even malware.
What is Hhqa ransomware?
Belonging to the Djvu ransomware family, Hhqa is a malicious program designed to encrypt data and demand payment for the decryption. In other words, this malware renders files inaccessible and asks victims to pay to recover access to their data.
During the encryption process, files are appended with a ".hhqa" extension. For example, a file initially titled something like "1.jpg" would appear as "1.jpg.hhqa", "2.jpg" as "2.jpg.hhqa", "3.jpg" as "3.jpg.hhqa", and so on. Once this process is complete, a ransom note - "_readme.txt" - is created.
What is steessay[.]com?
Steessay[.]com is a deceptive website designed to load dubious content and/or redirect visitors to other pages (likely untrustworthy or malicious ones). The Web is full of such sites; contentgate.xyz, watchvideoplayer.com, darliament.space, and thehugejournal.com are but some examples.
Users seldom access such webpages intentionally; most get redirected to them by rogue sites, intrusive ads, or installed PUAs (Potentially Unwanted Applications). This software can infiltrate systems and cause redirects, run intrusive advertisement campaigns, and collect browsing-related data.
What is TRUST ransomware?
TRUST is a piece of malicious software belonging to the VoidCrypt ransomware family. It operates by encrypting data in order to demand payment for the decryption. In other words, this ransomware renders files inaccessible and demands that a ransom be paid to restore access to the data.
During the encryption process, files are renamed following this pattern: original filename, cyber criminals' email address, unique ID assigned to the victim, and ".TRUST" extension. For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.[getthekey@tutanota.com][MJ-YW2795608314].TRUST". Afterwards, a ransom note titled "Decrypt-me.txt" is dropped onto the desktop.
What is the contentgate[.]xyz site?
Contentgate[.]xyz is a rogue website that shares many similarities with watchvideoplayer.com, thehugejournal.com, catests.space, and countless others. This page operates by loading questionable content and/or redirecting visitors to various sites (likely unreliable/malicious ones).
Users seldom enter these websites intentionally; most get redirected to them by rogue webpages, intrusive ads, or installed PUAs (Potentially Unwanted Applications). These apps can infiltrate systems without explicit consent; hence, users may be unaware of their presence.
What is GameSearchOnline?
GameSearchOnline is a rogue piece of software, classified as a browser hijacker. It operates by making alterations to browser settings to promote the gamesearchonline.com fake search engine. Additionally, most browser hijackers collect browsing-related data. Due to the dubious methods used to distribute these software products, they are also categorized as PUAs (Potentially Unwanted Applications).
What is CGP ransomware?
CGP is the name of a malicious program designed to encrypt data and demand payment for the decryption. In other words, this malware renders affected files inaccessible/unusable, and victims are asked to pay to recover access to/use of their data.
During the encryption process, compromised files are appended with the ".CGP" extension. For example, a file originally named "1.jpg" would appear as "1.jpg.CGP", and so on. Following the completion of this process, ransom notes are created/displayed in a pop-up window ("RESTORE_FILES_INFO.hta") and a text file ("RESTORE_FILES_INFO.txt").
What kind of malware is XLoader?
XLoader is a piece of malicious software targeting Windows and Mac operating systems (not to be confused with the Android-targeting XLoader malware discovered in 2019). This program is based on FormBook malware's code and shares many features with it. The primary functionality of XLoader is stealing information.
What is "Care Logistics email virus"?
"Care Logistics email virus" refers to a malware-proliferating spam campaign. This term defines a mass-scale operation during which thousands of deceptive emails are sent. The letters distributed through this campaign are presented as payment-related messages from Care Logistics, a legitimate company.
It must be emphasized that these scam emails are in no way associated with this company, nor is any of the information they provide true. This spam campaign aims to infect recipients' devices with the Snake keylogger data-stealing malware.