Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is 34678?
A recently identified ransomware variant, known as 34678 and affiliated with the Dharma family, has come to light following an analysis of malware samples submitted to VirusTotal. 34678 encrypts files and changes their filenames. Also, it displays a pop-up window containing a ransom note and generates a text file named "README!.txt".
34678 appends the victim's ID, a string of random characters, and the ".34678" extension to filenames. For example, it changes "1.jpg" to "1.jpg.id-9ECFA84E.[33389@1231334].34678", "2.png" to "2.png.id-9ECFA84E.[33389@1231334].34678", etc.

What kind of scam is "This Email Concerns Your Information Security"?
Upon our review of this email, we have ascertained that it originates from fraudulent individuals. The primary objective of this deceptive email is to trick recipients into thinking it pertains to their data security and account protection. The scammers behind it attempt to entice recipients into sending them money.

What kind of malware is KandyKorn?
A recently discovered macOS malware called KandyKorn has been found in an attack linked to the North Korean Lazarus hacking group. Their targets are blockchain engineers who work with cryptocurrency exchange platforms. The attackers pretend to be part of the cryptocurrency community on Discord to share Python modules, which then kickstart a complicated infection process involving KandyKorn.

What kind of malware is Yzqe?
During our analysis of malware samples on the VirusTotal platform, we came across the Yzqe ransomware, which is associated with the Djvu family. When it infects a computer, this ransomware encrypts data and appends the ".yzqe" extension to file names. For instance, a file named "1.jpg" would be altered to "1.jpg.yzqe" and "2.png" would be changed to "2.png.yzqe".
Besides encrypting files, Yzqe also creates a ransom note in the form of a text file named "_readme.txt". The distribution of Yzqe may include information-stealing malware like Vidar and RedLine. Cybercriminals often utilize these stealers to acquire sensitive information before deploying Djvu ransomware for the purpose of data encryption.

What kind of malware is Yzoo?
While examining malware samples submitted to VirusTotal, we encountered the Yzoo ransomware, which has ties to the Djvu family. When a computer becomes infected, Yzoo encrypts files and adds the ".yzoo" extension to their original file names. For example, "1.jpg" would be altered to "1.jpg.yzoo" and "2.png" would be transformed into "2.png.yzoo".
Apart from encrypting files, Yzoo also generates a ransom note in the form of a file named "_readme.txt". Moreover, the dissemination of Yzoo may involve information-stealing malware such as Vidar and RedLine.

What kind of malware is DeepInDeep?
Our research team found the DeepInDeep ransomware while reviewing new malware submissions to VirusTotal. This program is part of the Phobos ransomware family. Ransomware is designed to encrypt files and demand ransoms for their decryption, and DeepInDeep is no exception.
This malware alters the names of the locked files by appending a unique ID assigned to the victim, the cyber criminals' email address, and a ".deepindeep" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3511].[Deep_in_Deep@tutanota.com].deepindeep" on our testing system.
After the encryption process was finished, two ransom notes were created – one was displayed in a pop-up window ("info.hta"), and the other was dropped as a text file ("info.txt"). Based on the messages therein, it is evident that DeepInDeep targets large entities (such as companies) rather than home users.

What kind of software is TOPAPP?
Our researchers found the TOPAPP browser extension while investigating suspicious sites. The webpage endorsed TOPAPP as a tool for quick access to popular online platforms.
However, our analysis revealed that this extension operates as browser-hijacking software. It modifies browser settings in order to generate redirects to the rsrcfornow.com illegitimate search engine.

What kind of malware is Ran?
Our researchers discovered the Ran ransomware during a routine inspection of new submissions to the VirusTotal site. Designed to encrypt data to demand payment, the Ran malware also alters the titles of affected files.
On our test machine, this ransomware added the ".Ran" extension to filenames, e.g., a file titled "1.jpg" appeared as "1.jpg.Ran", "2.png" as "2.png.Ran", and so on for all of the encrypted files. After this process was completed, a ransom note – "Payment.txt" – was dropped.

What kind of malware is Yzaq?
While examining malware samples submitted to VirusTotal, we came across a ransomware variant referred to as Yzaq. This ransomware has been designed to encrypt files and change their filenames by appending the ".yzaq" extension. Moreover, Yzaq generates a ransom note, typically found in a file named "_readme.txt".
An illustration of how Yzaq modifies filenames is as follows: it transforms a file named "1.jpg" into "1.jpg.yzaq", "2.png" into "2.png.yzaq", and so forth. It is crucial to emphasize that Yzaq is part of the Djvu ransomware family. Frequently, cybercriminals distribute Djvu ransomware in conjunction with data-stealing malware, such as RedLine or Vidar.

What kind of software is Qwik Biz Tools?
Qwik Biz Tools is a rogue browser extension promising quick access to various tools commonly used in business. Our research team discovered this software's "official" promotional webpage during a routine investigation of deceptive sites.
After analyzing this extension, we determined that it is a browser hijacker. Qwik Biz Tools makes alterations to browser settings in order to promote (via redirects) the search.qwikbiztools.com fake search engine.