InitialDevice changes browser settings, generates advertisements, and might also gather certain information. In this way, InitialDevice functions both as adware and as a browser hijacker. Typically, users download and install apps such as InitialDevice inadvertently and, therefore, they are cla
"Spin The Wheel" is a scam promoted on various deceptive websites. There are several variants of this scam. In general, the scheme claims users have the chance to win a prize. Note that "Spin The Wheel" is in no way associated with Home Depot, Amazon, Apple, or other companies it mentions. Additi
URSA ransomware encrypts files and creates two ransom messages in "RECOVER_YOUR_FILES.HTML" and "RECOVER_YOUR_FILES.TXT" files, which it places in folders that contain encrypted files. Note that, unlike most ransomware, URSA does not rename any of the encrypted files. Screenshot of files encr
SearchConverterInc is rogue software classified as a browser hijacker. It operates by making changes to browser settings to promote searchconverterinc.com (a fake search engine). Additionally, SearchConverterInc monitors users' browsing habits. Due to the dubious methods used to proliferate brows
LIZARD is a ransomware-type program, which is identical to LANDSLIDE malware. Systems infected with LIZARD experience data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are renamed following this pattern: "[DeathSpicy@yandex.ru][id=v
reander[.]net is a scam website. Its main purpose is to scare visitors into downloading and installing a potentially unwanted application (PUA) by displaying a fake virus notification stating that the device is infected. Users do not often visit reander[.]net or similar web pages intentionally
"Cobra Industrial Machines email virus" refers to a spam campaign designed to proliferate malware. The term "spam campaign" defines a mass-scale operation, during which thousands of deceptive/scam emails are sent. The messages distributed through this campaign ask recipients to provide a product q
Foo belongs to the VoidCrypt ransomware family. This ransomware encrypts files and appends the encryptfull@criptext.com email address, victim's ID, and the ".Foo" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.[encryptfull@criptext.com][ZRC71WE2QGBLYX5].Foo", "2.jpg" to "2.jpg.
ProductUpgrade is a rogue application classified as adware with browser hijacker traits. Following successful infiltration, this app runs intrusive advertisement campaigns and modifies browsers to promote fake search engines. Due to the dubious methods employed to proliferate ProductUpgrade, it
OpticalPartition displays advertisements and promotes a fake search engine. In this way, the app functions as adware and a browser hijacker. It is also likely that this app gathers browsing-related (and other) data. People commonly download and install apps such as OpticalPartition inadvertentl