Ncov is a part of the Dharma ransomware family. It encrypts files, changes filenames, creates a text file and displays a pop-up window. Ncov renames encrypted files by adding the victim's ID, coronavirus@qq.com email address and appending the ".ncov" extension to filenames. For example, a file na
vitosc.xyz is the address of a fake search engine. Typically, fake search engines are promoted through various potentially unwanted applications (PUAs), browser hijackers. This fake search engine is promoted through a PUA named SApp+ (or Smash App+) and Nittok, however, other apps might also promo
Multy App is a browser hijacker endorsed as a multi-purpose tool that supposedly provides quick access to services such as search engines, encyclopedias, email, social networking and social media, e-commerce and online stores. In fact, Multy App operates by modifying browsers to promote searchmult
Despite its name, Corona-Virus-Map.com is not the address of a website - it is the name of a malicious program classified as a Trojan (or more specifically, a "backdoor" Trojan). This type of malware causes chain infections by stealthily downloading and installing additional malicious programs. C
g3treal0ne[.]space is an untrusted website that redirects visitors to other web pages of this kind. For example, it leads visitors to pages that promote various software 'cracking' tools, rogue installers (e.g., fake Adobe Flash Player installers), potentially unwanted applications (PUAs), and o
Discovered by Jakub Kroustek, Gtf is a malicious program belonging to the Dharma ransomware family. It operates by encrypting the data of infected systems to demand payment for decryption tools/software. During the encryption process, all affected files are renamed according to the following patt
BrowserProduct is supposedly designed to improve the browsing experience. In fact, this application delivers intrusive advertisements and is, therefore, classified as adware. Additionally, most apps of this type have data tracking capabilities. Due to the dubious proliferation methods used to p
Deranvizes is a deceptive website group promoting various online scams. Web pages from this group have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scheme, however, they might also promote other scams. Few users enter these websites intentionally - they are redi
The InnovativeShare application is supposedly designed to improve the browsing experience, however, it is categorized as adware and displays intrusive advertisements. These apps often gather information. Generally, users download and install adware unintentionally. Therefore, InnovativeShare an
Ostap is a JavaScript downloader used by cyber criminals to spread TrickBot, a trojan-type malicious programs that steals various personal, sensitive information. Cyber criminals use the details generate revenue in various ways. If you believe that your computer is infected with Ostap downloader (