Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is BlackHatUP?

BlackHatUP is one of the ransomware variants based on the Chaos ransomware. It has been discovered during the analysis of malware samples submitted to VirusTotal. BlackHatUP encrypts data, appends its extension (".BlackHatUP") to filenames, generates a ransom note ("read_it.txt"), and changes the desktop wallpaper.

An illustration of how BlackHatUP renames files: it changes "1.jpg" to "1.jpg.BlackHatUP", "2.png" to "2.png.BlackHatUP", and so forth.

What kind of malware is LPEClient?

The LPEClient malware is a known threat that came to light in 2020. This malicious software is designed with the primary purpose of gathering information from the victims it infects and then downloading additional malicious payloads from a remote server. These payloads are executed in the computer's memory, which helps to maintain stealth and avoid detection.

What kind of malware is SIGNBT?

SIGNBT, a malware strain employed by threat actors, is distinguished by its sophistication and persistence in targeted cyberattacks. This malware allows threat actors to infiltrate and retain control over compromised systems, utilizing a multifaceted attack approach and an extensive set of backdoor functionalities.

What is "Investment In Your Country"?

We have examined the email and found that it is a fraudulent attempt designed to deceive recipients into revealing their sensitive information and (or) extorting money from them. The email contains elements of deception, such as false claims or requests, with the ultimate goal of exploiting unsuspecting individuals for financial gain.

What kind of malware is CATAKA?

CATAKA is ransomware discovered while examining samples uploaded to the VirusTotal website. Once a computer is infected, CATAKA encrypts files and appends a random extension to filenames. Also, CATAKA changes the victim's desktop wallpaper and provides a ransom note ("Readme.txt").

An example of how CATAKA renames files: it changes "1.jpg" to "1.jpg.9tw5B", "2.png" to "2.png.GXoJX", and so forth.

What kind of malware is Ppvs?

While analyzing samples of malicious software on the VirusTotal page, we came across the Ppvs ransomware, which belongs to the Djvu family. This ransomware, once it infiltrates a computer, encrypts data and appends the ".ppvs" extension to filenames. For example, it renames "1.jpg" to "1.jpg.ppvs" and "2.png" to "2.png.ppvs".

In addition to file encryption, Ppvs creates a text document named "_readme.txt", which contains a ransom note. It is important to note that the distribution of Ppvs may involve other types of malware, for instance, information stealers like Vidar or RedLine.

What kind of malware is Ppvt?

During our analysis of malware samples on the VirusTotal platform, we came across the Ppvt ransomware, which is part of the Djvu ransomware family. Once it infiltrates a computer, this ransomware encrypts data and appends the ".ppvt" extension to the filenames. For instance, it transforms "1.jpg" into "1.jpg.ppvt" and "2.png" into "2.png.ppvt".

Additionally, Ppvt generates a ransom note in the form of a text document named "_readme.txt". Moreover, the distribution of Ppvt may involve other forms of malware designed explicitly for data theft, such as Vidar or RedLine.

What kind of malware is Ppvw?

During our analysis of malware samples uploaded to VirusTotal, we came across the Ppvw ransomware, which is affiliated with the Djvu malware family. When a computer is infected with Ppvw, it encrypts files and appends the ".ppvw" extension to their file names. For instance, "1.jpg" is transformed into "1.jpg.ppvw" and "2.png" is changed to "2.png.ppvw".

In addition to file encryption, Ppvw generates a ransom note (it creates a file named "_readme.txt"). Furthermore, the distribution of Ppvw may involve information-stealing malware like Vidar and RedLine.

What kind of software is Website Security Scanner?

Website Security Scanner is endorsed as a tool that scans visited websites and verifies their safety based on over fifty databases. Our researchers discovered this browser extension during a routine inspection of rogue sites.

After examining this piece of software, we determined that it is adware. Website Security Scanner delivers intrusive advertisement campaigns and spies on users' browsing activity.

What kind of software is Art New tabs?

While investigating suspicious sites, our researchers discovered the Art New tabs browser extension. It modifies browser settings to endorse (via redirects) the goog.artnewtabs.com fake search engine. This extension also spies on users' browsing activity. This behavior classifies Art New tabs as a browser hijacker.