Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Mzre?

While analyzing malware samples uploaded to VirusTotal, we encountered Mzre, a ransomware variant linked to the Djvu family. Mzre encrypts files, appends the ".mzre" extension to their filenames, and generates a ransom note ("_readme.txt").

An illustration of how Mzre alters filenames involves changing "1.jpg" to "1.jpg.mzre", "2.png" to "2.png.mzre" and so on. It is important to note that Mzre, as part of the Djvu ransomware family, may be disseminated alongside information-stealing malware like Vidar and RedLine.

What kind of app is Go Blocker?

While scrutinizing the Go Blocker browser extension, we observed its tendency to showcase bothersome advertisements, which categorizes it as adware. Additionally, Go Blocker possesses the capability to access and modify various data. As a result, users are advised not to place trust in this application and should promptly remove it from their affected browsers.

What kind of software is Fetchzilla?

Fetchzilla is an adware-type browser extension that our researchers discovered while investigating suspicious websites. It is promoted as a tool that simplifies media (e.g., image) download off the Web. However, this extension runs intrusive advertisements instead. In other words, Fetchzilla feeds users with unwanted and deceptive ads.

What kind of software is Literature News on New Tab?

Literature News on New Tab is a browser extension that promises easy access to the latest news on literature. Our inspection of this extension revealed that it is browser-hijacking software. Literature News on New Tab modifies browser settings to generate redirects.

What kind of application is ProgramProcessor?

Our research team found the ProgramProcessor app during a routine check on new file submissions to the VirusTotal site. After inspecting this application, we determined that it is advertising-supported software (adware). ProgramProcessor is part of the AdLoad malware family.

What kind of software is Animated BG?

Animated BG is a rogue extension that displays animated browser wallpapers. Our analysis of this piece of software revealed that it is a browser hijacker. It makes alterations to browser settings in order to promote (via redirects) the search.animatedbg-tab.com fake search engine.

What kind of malware is Got?

Our research team discovered a ransomware-type program called Got while investigating new submissions to the VirusTotal platform. This malicious program belongs to the Xorist ransomware family. Got malware is designed to encrypt data and demand payment for its decryption.

On our test system, this ransomware encrypted files and changed their filenames. Original titles were appended with a ".Got" extension,e.g., a file named "1.jpg" appeared as "1.jpg.Got", "2.png" as "2.png.Got", etc. Afterward, ransom notes were created in a pop-up window and the "HOW TO DECRYPT FILES.txt" text file.

What kind of malware is Mzqt?

In our examination of malware samples using the VirusTotal platform, we encountered a ransomware variant identified as Mzqt. This ransomware employs file encryption to limit access to files and adds the ".mzqt" extension to file names. Additionally, it generates a ransom note named "_readme.txt".

The Mzqt ransomware belongs to the Djvu ransomware family and is linked to information stealers like RedLine and Vidar. An illustration of how Mzqt alters file names is as follows: it transforms file names such as "1.jpg" into "1.jpg.mzqt", "2.png" into "2.png.mzqt", and so on.

What kind of malware is Mzhi?

In the course of inspection of malware samples provided on the VirusTotal platform, a Djvu member dubbed Mzhi has been discovered. Mzhi encrypts files and modifies their filenames by adding the ".mzhi" extension. Additionally, Mzhi is programmed to generate a text file named "_readme.txt", which contains a ransom note.

Djvu ransomware is often distributed in conjunction with information stealers such as RedLine or Vidar by malicious actors. An example of how Mzhi alters filenames: it transforms "1.jpg" into "1.jpg.mzhi", "2.png" into "2.png.mzhi" and so on.

What kind of malware is ZenRAT?

ZenRAT is the name of a Remote Access Trojan (RAT) that has been around since at least the summer of 2023. This malware has data-stealing capabilities and can implement modules for additional functionality. The latter means that this trojan may be transformed into a highly versatile piece of malicious software.

ZenRAT has been observed being distributed through a fake Bitwarden website. It must be stressed that neither the site nor the RAT is in any way associated with the actual Bitwarden service.