Virus and Spyware Removal Guides, uninstall instructions

What kind of application is Mountain Wallpaper?

Our team examined the Mountain Wallpaper browser extension and discovered that it operates as a browser hijacker. Its primary aim is to promote find.pmywebsrc.com, a fake search engine, by modifying the settings of the hijacked browser. Usually, users unknowingly introduce browser hijackers to their browsers.

What kind of application is GypsophilaPaniculata?

In our assessment of the GypsophilaPaniculata browser extension, we detected troubling activities, including the addition of the "Managed by your organization" feature to Chrome browsers, the management of specific browser elements, and the collection of various data. Our encounter with GypsophilaPaniculata occurred during an investigation into a harmful installer downloaded from a shady page.

What kind of application is SystemOptimization?

While examining the SystemOptimization app, our team noticed it displays various ads, leading us to categorize it as adware. It is important to note that such software is often promoted and distributed deceptively. Thus, users often get tricked into installing programs like SystemOptimization.

What kind of malware is Rzfu?

During our examination of malware samples on the VirusTotal page, we came across the Rzfu ransomware, a member of the Djvu family. When this ransomware infects a computer, it encrypts files and appends the ".rzfu" extension to their filenames. For instance, "1.jpg" becomes "1.jpg.rzfu" and "2.png" changes to "2.png.rzfu".

In addition to encrypting files, Rzfu generates a ransom note, a text file named "_readme.txt". Moreover, the distribution of Rzfu may include information stealers like Vidar and RedLine.

What kind of malware is Rzml?

While studying malware on VirusTotal, we found the Rzml ransomware, which is part of the Djvu family. When a computer is affected, Rzml encrypts files and adds the ".rzml" extension to their names. For example, "1.jpg" becomes "1.jpg.rzml" and "2.png" turns into "2.png.rzml".

Apart from encrypting files, Rzml also creates a ransom note in the form of a text file named "_readme.txt". Furthermore, the distribution of Rzml might involve information stealers like Vidar and RedLine.

What kind of malware is Rzkd?

During our examination of malicious software samples that were uploaded to VirusTotal, we came across ransomware dubbed Rzkd. This particular ransomware is designed to encrypt files and alter their names by appending the ".rzkd" extension. Furthermore, Rzkd generates a ransom note, which can be found in the file named "_readme.txt".

To provide a visual representation of Rzkd's filename modifications, it transforms files such as "1.jpg" into "1.jpg.rzkd", "2.png" into "2.png.rzkd", etc. It is important to highlight that Rzkd is a member of the Djvu family. Threat actors often distribute Djvu ransomware with information-stealing malware like RedLine or Vidar.

What kind of application is Fonts Determiner?

During our analysis of the Fonts Determiner application, our team observed that it presents a range of advertisements. Consequently, we have classified Fonts Determiner as adware. It should be highlighted that software of this nature is frequently marketed and disseminated through misleading methods.

What is PterygotusAnglicus?

During our evaluation of the PterygotusAnglicus browser extension, we identified concerning behavior, such as adding the "Managed by your organization" feature to Chrome browsers, managing certain elements of the browser, and reading various data. We came across PterygotusAnglicus while investigating a harmful installer downloaded from an untrustworthy website.

What kind of application is ArchiveRemote?

During a routine review of new file submissions to VirusTotal, our research team discovered the ArchiveRemote application.

After inspecting it, we determined that this piece of software is adware. ArchiveRemote is part of the AdLoad malware family. This app generates revenue for its developers by feeding users with undesirable and potentially malicious advertisements.

What kind of software is Tropical Extension?

Tropical Extension is a piece of rogue software that we found while inspecting suspicious sites. This extension promises to display tropics-themed browser wallpapers. Our examination revealed that Tropical Extension is a browser hijacker. It modifies browser settings to endorse (through redirects) the tropicalextension.com fake search engine.