Virus and Spyware Removal Guides, uninstall instructions

ValleyFall Malware

What kind of malware is ValleyFall?

ValleyFall is spyware: malicious software designed to secretly gather information from a victim's computer or device. Additionally, ValleyFall can infect computers with a RAT component primarily designed for password theft and keylogging.

   
Documents And Funds Have Been Credited Email Scam

What is "Documents And Funds Have Been Credited"?

Upon conducting a comprehensive examination, our team has determined that the purpose of this email is to deceive recipients into divulging their personal information. Emails of this kind are categorized as phishing attempts. In this case, scammers aim to lure recipients into entering sensitive details via the attached file.

   
GeneralExplorer Adware (Mac)

What kind of application is GeneralExplorer?

Following an analysis of GeneralExplorer, our team has established that its primary purpose is to deliver intrusive advertisements to users, classifying it as adware. It is important to emphasize that apps akin to GeneralExplorer are often promoted and distributed through deceptive methods.

   
Wwhu Ransomware

What kind of malware is Wwhu?

While examining malware samples using the VirusTotal platform, we encountered the Wwhu ransomware, which belongs to the Djvu family. Once it gains access to a computer, this ransomware encrypts data and adds the ".wwhu" extension to file names. As an example, it renames "1.jpg" to "1.jpg.wwhu" and "2.png" to "2.png.wwhu".

Wwhu also generates a ransom note, a text document named "_readme.txt". Furthermore, the distribution of Wwhu may include other types of malware explicitly crafted for data theft, such as Vidar or RedLine.

   
CumulonimbusIncus Malicious Extension

What is CumulonimbusIncus?

While investigating a malicious installer, we came across CumulonimbusIncus and its concerning behavior as a browser extension. This behavior encompassed activating the "Managed by your organization" feature within the Chrome browser, collecting diverse data, and monitoring specific components of the browser.

   
Flamehammer.top Ads

What kind of page is flamehammer[.]top?

Our research team discovered the flamehammer[.]top rogue webpage while inspecting unreliable sites. This page is designed to promote browser notification spam; at the time of research, it did so by utilizing a fake CAPTCHA test. Additionally, it can redirect users to other (likely untrustworthy/harmful) websites.

Most visitors to flamehammer[.]top and pages akin to it access them via redirects generated by sites using rogue advertising networks.

   
Search-UIX Browser Hijacker

What kind of software is Search-UIX?

Search-UIX is a rogue browser extension that operates as a browser hijacker. Software within this classification modifies browser settings to promote (via redirects) fake search engines.

While there is an illegitimate Internet search website that shares this extension's name – searchuix.com – this was not the engine endorsed by Search-UIX when we analyzed it. At the time of research, this browser hijacker generated redirects to the thesearchfeeds.com site.

   
Getfreevpn.click Ads

What kind of page is getfreevpn[.]click?

Getfreevpn[.]click is a rogue page that runs scams and pushes spam browser notifications. It can also redirect users to different (likely unreliable/dangerous) websites.

Visitors to this and similar webpages access them primarily through redirects generated by sites that utilize rogue advertising networks. We discovered getfreevpn[.]click during a routine investigation of websites that use said networks.

   
EssentialProcesser Adware (Mac)

What kind of application is EssentialProcesser?

Our research team found the EssentialProcesser application while inspecting new file submissions to the VirusTotal platform. After investigating this app, we determined that it is advertising-supported software (adware). EssentialProcesser belongs to the AdLoad malware family. This app is designed to deliver intrusive advertisement campaigns.

   
Nnll Ransomware

What kind of malware is Nnll?

Our researchers discovered the Nnll ransomware-type program while reviewing new submissions to the VirusTotal website. Ransomware operates by encrypting data and demanding ransoms for its decryption.

After executing a sample of Nnll on our test machine, we found that it encrypts files and appends a ".nnll" extension to their filenames. For example, an original filename such as "1.jpg" appeared as "1.jpg.nnll", "2.png" as "2.png.nnll", etc. Once this process was completed, a ransom note titled "_Readme.txt" was created.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.