Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "You Have New Held Messages"?

After investigating the "You Have New Held Messages" email, we determined that it is spam. This message falsely states that the recipient has sixteen pending emails, which will be deleted unless released into the inbox within a certain timeframe. This mail promotes a phishing website that records provided email account log-in credentials.

What kind of application is VideoProgramRanking?

VideoProgramRanking is a piece of rogue software that we discovered while investigating new submissions to the VirusTotal website. After inspecting this application, we determined that it is advertising-supported software (adware). VideoProgramRanking is part of the AdLoad malware family.

What kind of email is "Your Mail Version Is Currently Being Disconnected"?

Our inspection of the "Your Mail Version Is Currently Being Disconnected" email revealed that it is spam. This letter informs the recipient that they have undelivered messages and that their current mail version will be disconnected. As the recipient attempts to upgrade it, they are redirected to a phishing website targeting email account log-in credentials.

What is NodeZipArray?

In the course of our examination of the NodeZipArray application, our team noted its frequent display of advertisements, categorizing it as adware. It's important to emphasize that such software is often promoted and disseminated through deceptive methods, which can result in users unknowingly installing it.

What kind of malware is NWOransom?

While investigating new submissions to VirusTotal, our research team discovered the NWOransom malicious program. It is based on Chaos ransomware. Malware within the ransomware classification encrypts data in order to demand payment for its decryption.

On our test machine, a sample of NWOransom encrypted files and appended their filenames with a ".sub_to_crypto_nwo" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.sub_to_crypto_nwo", "2.png" as "2.png.sub_to_crypto_nwo", etc.

Once the encryption was finished, the desktop wallpaper was changed, and a ransom note titled "Windows!System32.txt" was created. It is noteworthy that this message lacks critical information, which suggests that NWOransom might still be in development.

What kind of application is RepairEnumerator?

During our analysis of the RepairEnumerator application, our team observed that it displays numerous advertisements, classifying it as adware. It is crucial to highlight that such software is frequently promoted and distributed through deceptive means, leading users to install programs like RepairEnumerator unwittingly.

What kind of email is "C&K STEEL COMPANY"?

After inspecting this "C&K STEEL COMPANY" email, we determined that it is malspam. It is presented as an inquiry regarding a potential purchase, the details of which can be found in the attached file. However, once opened – the malicious attachment initiates a system infection chain.

It must be emphasized that this spam mail is in no way associated with any real individuals or entities.

What is Primates?

In our evaluation of the Primates browser extension, we discovered worrisome activities, including the activation of the "Managed by your organization" feature in Chrome browsers, manipulation of specific browser elements, and the collection of data. Our encounter with Primates occurred during an investigation of a harmful installer downloaded from an unreliable page.

What kind of malware is MAGASKOSH?

MAGASKOSH is ransomware that encrypts files and displays a ransom note on the locked screen. It also appends the ".magaskosh" extension to filenames. For instance, MAGASKOSH renames "1.jpg" to "1.jpg.magaskosh", "2.png" to "2.png.magaskosh", and so forth.

What is GallusGallus?

During our examination of the GallusGallus browser extension, we uncovered concerning actions such as enabling the "Managed by your organization" functionality in Chrome browsers, controlling specific browser components, and gathering data. Our interaction with GallusGallus took place while investigating a potentially harmful installer that was downloaded from an untrustworthy source.