Virus and Spyware Removal Guides, uninstall instructions

What kind of software is PsittacosaurusMongoliensis?

PsittacosaurusMongoliensis is a malicious browser extension discovered by our researchers during a routine investigation of dubious websites. It is worth mentioning that the type of installation setup used to promote this extension might also be bundled with adware, browser hijackers, PUAs, and other software.

What kind of software is DiprotodonOptatum?

DiprotodonOptatum is a malicious browser extension that our research team discovered in an installer endorsed on a deceptive website. This piece of software is capable of manipulating browsers and extracting sensitive data from them.

It is noteworthy that installation setups carrying software like DiprotodonOptatum may be bundled with adware, browser hijackers, PUAs, or other unwanted/malicious software.

What kind of scam is "Ransomware EXE.01092-1_Alert"?

Our research team discovered the "Ransomware EXE.01092-1_Alert" technical support scam during a routine inspection of suspect websites. The scheme warns users of fake system infections to deceive them into calling a bogus support line.

It is noteworthy that in some cases the "Ransomware EXE.01092-1_Alert" pop-up is be followed up by the "Trojan:Slocker" scam.

What kind of scam is "Trojan:Slocker"?

While investigating deceptive websites, our researchers discovered the "Trojan:Slocker" technical support scam. It warns that the visitor's device has been infected with trojan/ransomware and urges them to call the provided helpline. Note that this scheme may be preceded by the "Ransomware EXE.01092-1_Alert" pop-up.

It must be stressed that the infection claims are fake, and this content is in no way associated with the Microsoft Corporation or any of its products/services.

What kind of malware is Zpww?

Zpww is a ransomware-type program that our research team discovered while investigating malware. It belongs to the Djvu ransomware family. Zpww operates by encrypting data and demanding ransoms for its decryption.

On our testing system, Zpww encrypted files and altered their filenames. Original titles were appended with a ".zpww" extension, e.g., a filename such as "1.jpg" appeared as "1.jpg.zpww", "2.png" as "2.png.zpww", etc. Once this process was finished, a ransom note – "_readme.txt" – was created.

It must be mentioned that ransomware belonging to the Djvu family often infiltrates devices together with data-stealing malware, such as RedLine, Vidar, or others.

What kind of malware is Zput?

During routine malware analysis, our research team discovered the Zput ransomware. This malicious program is part of the Djvu ransomware family. Zput is designed to encrypt files and demand ransoms for their decryption.

On our test machine, this ransomware appended the names of encrypted files with a ".zput" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.zput", "2.png", as "2.png.zput", and so forth. Afterward, a ransom note titled "_readme.txt" was dropped.

It is noteworthy that Djvu infections are commonly accompanied by RedLine, Vidar, or other data-stealing malicious programs.

What kind of malware is Zpas?

While investigating malware samples, our research team discovered yet another Djvu ransomware called Zpas. Malware within this classification is designed to encrypt data and demand ransoms for its decryption.

After we executed a sample of Zpas on our testing system, this ransomware encrypted files and appended their filenames with a ".zpas" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.zpas", "2.png" as "2.png.zpas", etc. After this process concluded, a ransom note titled "_readme.txt" was created.

It is noteworthy that Djvu ransomware often arrives onto systems alongside information-stealing programs such as Vidar, RedLine, or others.

What kind of page is hokarsoud[.]com?

Hokarsoud[.]com is a rogue webpage designed to push browser notification spam and lead users to other (likely unreliable/dangerous) sites.

Most visitors to hokarsoud[.]com and pages akin to it access them through redirects generated by websites that utilize rogue advertising networks. Our researchers discovered this webpage during a routine investigation of sites that use these networks.

What kind of software is Web Ace Tab?

Web Ace Tab is a rogue browser extension that our research team found during a routine inspection of unreliable websites. While this piece of software promises to display abstract browser wallpapers, it also modifies certain settings to promote (via redirects) the webacetab.com fake search engine. Additionally, this extension spies on users' browsing activity. This behavior classifies Web Ace Tab as a browser hijacker.

What kind of email is "Security Information"?

Our examination of the "Security Information" email revealed that it is spam promoting a phishing scam. This mail falsely claims that the recipient's email account password is about to expire, thus tricking them into disclosing this sensitive information.