Virus and Spyware Removal Guides, uninstall instructions

What is DOP?

Discovered by dnwls0719, DOP is a malicious program that is part of the Dharma ransomware family. This malware operates by encrypting data so that ransom demands can be made for decryption tools/software.

When DOP ransomware encrypts, all affected file are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address and the ".DOP". For example, a file such as "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[dayonpay@aol.com].DOP".

After this process is complete, ransom messages are created within a text file ("FILES ENCRYPTED.txt") and the text is also presented in a pop-up window.

What is Orange Defender Antivirus?

As its name suggests, Orange Defender Antivirus is software that detects and eliminates computer viruses and other threats. In fact, this computer security program is distributed through the 'installers' of other programs. I.e., it is included into the set-ups as "additional offers".

Programs that are distributed in this way are categorized as potentially unwanted applications (PUAs) and are generally untrusted.

What is megaup[.]net?

megaUp[.]net is a file hosting and sharing website, which allows users to upload, share, and manage their files. When a user uploads a file, megaUp[.]net creates a download package and link. In this way, it prepares a file for sharing with others, however, megaUp[.]net also includes additional components in the created download package without asking permission.

Package contents are installed when another user opens the downloaded package. Note that packages created by megaUp[.]net can be used to distribute unwanted or even malicious programs.

What is ISR Stealer?

As its name suggests, ISR Stealer (also known as ISRStealer) steals sensitive information by logging keystrokes. There are many legitimate keyloggers online, however, even legitimate sites can be used for malicious intent. I.e., for stealing passwords and other confidential information.

Research shows that ISR is a modified version of another stealer named Hackhound. If there is reason to believe that ISRStealer is installed on the operating system, remove it immediately.

What is LOCK?

LOCK belongs to the Xorist ransomware family. Like most programs of this type, it prevents victims from accessing their files by encryption. LOCK also renames every encrypted file by appending the ".LOCK" extension to its filename. For example, it renames "1.jpg" to "1.jpg.LOCK", "2.jpg" to "2.jpg.LOCK", and so on.

LOCK changes the wallpaper and creates ransom message within "HOW TO DECRYPT FILES.txt" files, which can be found in all folders that contain encrypted data.

What is the Anubis Trojan?

Targeting Android users, Anubis is malicious software classified as a banking Trojan. This malware attempts to steal banking information and can lead to victims' experiencing financial loss, privacy issues and other serious problems.

Anubis has been observed being proliferated via deceptive/scam websites, which incorporate the Coronavirus/COVID-19 pandemic in some manner.

What is Nitol malware?

Nitol is malicious software. This is malware that has many dangerous capabilities, primarily deployment of DDoS (distributed denial-of-service) attacks and granting cyber criminals who use it remote access and control over the infected device. These functionalities can be used in malicious ways and lead to serious issues.

Nitol is high-risk malware and these infections must be removed immediately upon detection.

What is "COVID-19 Stimulus Email Virus"?

The number of cyber criminals (scammers) who seek to take advantage of the coronavirus disease (COVID-19) pandemic is growing daily. Commonly, they try to achieve this by sending fraudulent emails to trick recipients into clicking malicious links or opening attachments.

In this particular case, they spread emails that contain a malicious attachment designed to install a Remote Access Tool (RAT) called Agent Tesla. You are strongly advised to ignore this email and leave its contents unopened.

What is apple-online-guard[.]com?

apple-online-guard[.]com is a scam website designed to target iPhone users, however, it might also be accessed by other Apple products. This deceptive site claims that visitors' devices are infected and recommends download/installation of a promoted application.

No web page can detect threats/issues present on a system, and any that make such claims are scams. Furthermore, software endorsed using these deceptive techniques is often nonoperational, untrusted, and even malicious.

Many visitors access apple-online-guard[.]com and similar websites unintentionally via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs).

What is Gula?

Like most ransomware-type programs, Gula is designed to deny access to data by encryption, rename all encrypted files, and provide victims with instructions about how to contact the developers (and other details) within a ransom message. It renames all files by appending the ".Gula" extension to filenames.

For example, it renames "1.jpg" file to "1.jpg.Gula", "2.jpg" file to "2.jpg.Gula", and so on. Gula creates a ransom message in a text file named "HOW TO DECRYPT FILES.txt".