Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Critical Error IP Threat Detected"?

After inspecting "Critical Error IP Threat Detected", we determined that is a technical support scam. Masquerading as "Microsoft Support", the scheme aims to lure users into calling fake technicians with warnings of nonexistent threats and issues on their devices.

It must be emphasized that this scam is in no way associated with either Windows or its developer – the Microsoft Corporation.

What kind of application is DetectionElemnt?

Our research team discovered the DetectionElemnt application while reviewing new file submissions to the VirusTotal website. After analyzing this piece of software, we determined that it is adware belonging to the AdLoad malware family.

What kind of malware is Hazard?

During an examination of malware samples submitted to the VirusTotal website, a ransomware variant that belongs to the MedusaLocker family called Hazard has been encountered. This malicious software encrypts files on the infected system and alters their names by adding the ".hazard18" extension (the number in the extension might vary).

For instance, when files are affected (encrypted) by Hazard, their names undergo a transformation, such as "1.jpg" becoming "1.jpg.hazard" and "2.png" becoming "2.png.hazard". Additionally, Infected leaves behind a ransom note titled "HOW_TO_BACK_FILES.html".

What kind of page is myreloads[.]com?

Our research team found the myreloads[.]com rogue page while investigating questionable websites. We discovered two appearance variants of this webpage. It is designed to promote browser notification spam, and it can redirect users to other (likely unreliable/harmful) sites.

The majority of visitors access myreloads[.]com and similar pages through redirects caused by websites using rogue advertising networks.

What kind of application is ElementAnalyzer?

While investigating new submissions to the VirusTotal site, our research team discovered the ElementAnalyzer application. Our examination revealed that this piece of software is adware belonging to the AdLoad malware family. It is designed to run intrusive advertisement campaigns.

What kind of malware is Mlap?

During a comprehensive examination of samples submitted to VirusTotal, we detected the Mlap ransomware, which belongs to the Djvu family. This malicious software encrypts data and adds the ".mlap" extension to the affected files. After completing the encryption procedure, Mlap leaves a ransom note named "_readme.txt".

Mlap follows a particular pattern when it modifies the filenames of the files it encrypts. For example, it transforms "1.jpg" into "1.jpg.mlap" and changes "2.png" to "2.png.mlap". As a member of the Djvu family, Mlap could potentially be distributed with information stealers like RedLine and Vidar.

What kind of application is WebSearchHelp?

WebSearchHelp is an application classed as adware. Our researchers discovered this app during a routine inspection of new file submissions to the VirusTotal platform. WebSearchHelp belongs to the AdLoad malware family. It displays advertisements and may have additional harmful capabilities.

What kind of page is buadss[.]com?

Buadss[.]com is a deceptive website designed to trick visitors into agreeing to receive notifications. We discovered it while investigating pages connected to rogue advertising networks. It is important to highlight that users often unintentionally access sites like buadss[.]com.

What kind of page is emydreamsa[.]com?

Emydreamsa[.]com is a website intentionally crafted to present a misleading message, aiming to deceive visitors into granting permission to display notifications. This particular site came to our attention during an examination of pages linked to rogue advertising networks. It is worth noting that users usually open websites like emydreamsa[.]com unknowingly.

What kind of malware is Mlza?

An examination of malware samples submitted to VirusTotal has uncovered the emergence of a fresh iteration within the Djvu ransomware lineage, known as Mlza. Its primary aim is to encrypt files found on a compromised system. Additionally, Mlza appends the ".mlza" extension to file names and generates a "_readme.txt" file containing a ransom note.

It is essential to highlight that Mlza may be disseminated alongside information-stealing malware, like RedLine or Vidar. As an illustration of Mlza's file renaming behavior, it alters filenames in the following manner: "1.jpg" becomes "1.jpg.mlza", "2.png" becomes "2.png.mlza" and so forth.