Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Wzoq?

Our research team discovered Wzoq ransomware while analyzing malware samples. This malicious program is part of the Djvu ransomware family. Wzoq is designed to encrypt files and demand payment for their decryption.

On our test machine, this ransomware appended the encrypted files with a ".wzoq" extension. To elaborate, a file originally named "1.jpg" appeared as "1.jpg.wzoq", "2.png" as "2.png.wzoq", etc. Afterward, a ransom note titled "_readme.txt" was created.

It is noteworthy that Djvu ransomware often infects systems alongside information-stealing malware such as Vidar, RedLine, or others.

What kind of application is PDF Converty New Tab?

In the course of our investigation into the PDF Converty New Tab browser extension, we ascertained that it operates as a browser hijacker, aiming to promote a counterfeit search engine, feed.promisearch.com. The PDF Converty New Tab application accomplishes this goal by altering the configuration settings of the user's web browser.

What is the fake "AdBlock — best ad blocker" browser extension?

While investigating untrustworthy websites, we found a page using an adult-oriented lure that promotes an installer containing "AdBlock — best ad blocker". There's a legitimate browser extension of the same name, which this piece of software imitates. This fake extension operates as adware; i.e., it displays ads. Additionally, this bogus browser extension collects sensitive user information.

What is Inspirational Quotes Ext?

While inspecting the Inspirational Quotes Ext application, we noticed that it takes control over a web browser by making certain changes in its settings. Apps of this type are known as browser hijackers. It is worth noting that most users unknowingly download and add apps like Inspirational Quotes Ext to their browsers.

What kind of application is IndexerHardDisk?

After investigating IndexerHardDisk, our team has determined that its primary function is to display intrusive advertisements to users, categorizing it as adware. It is essential to highlight that unintentionally downloading and installing applications like IndexerHardDisk is a common scenario.

What kind of malware is FreeWorld?

While investigating new submissions to the VirusTotal website, our researchers discovered the FreeWorld ransomware-type program. It is designed to encrypt data and demand payment for decryption.

After we launched a sample of FreeWorld on our test system, it encrypted files and appended their filenames with a ".FreeWorldEncryption" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.FreeWorldEncryption", "2.png" as "2.png.FreeWorldEncryption", etc. Once this process was concluded, a ransom note – "FreeWorld-Contact.txt" – was created.

What kind of application is Dog Cuties?

In our examination of the Dog Cuties extension, we found characteristics often linked with a browser hijacker. These types of programs usually seize control of web browsers by changing their settings. Browser hijackers often promote fake search engines. Dog Cuties promotes dogcuties.com.

What kind of scam is "Notice Of Regular Maintenance"?

Upon examination, our team has assessed that the purpose of this email is to mislead recipients into divulging their personal information. These emails fall under the category of phishing attempts, wherein the senders, who are scammers, aim to deceive recipients into providing sensitive details on deceitful websites.

What kind of application is FiberOpticJoin?

After examining FiberOpticJoin, our team has determined that its primary function is to display intrusive advertisements to users, categorizing it as adware. It is crucial to highlight that applications similar to FiberOpticJoin are frequently promoted and spread through deceitful techniques.

What kind of malware is Top?

During a routine examination of malware samples submitted to VirusTotal, our research team encountered ransomware dubbed Top. This malicious software is intended to encrypt data and then demand payment for decrypting the files. Top ransomware provides two ransom notes: "info.hta" and "info.txt". It is worth noting that Top is part of the Phobos family.

Additionally, this ransomware renames the targeted files by appending the victim's ID, an email address, and the ".top" extension. For example, it renames a file named "1.jpg" to "1.jpg.id[9ECFA84E-3449].[topcorp@usa.com].top", "2.png" to "2.png.id[9ECFA84E-3449].[topcorp@usa.com].top", etc.