Virus and Spyware Removal Guides, uninstall instructions

Coffee Ext Browser Hijacker

What kind of software is Coffee Ext?

Our researchers discovered the Coffee Ext browser extension during a routine investigation of dubious websites. It is promoted as a tool that provides easy access to coffee recipes.

After examining this extension, we learned that it is browser-hijacking software. Coffee Ext operates by modifying browser settings to generate redirects. Additionally, it spies on users' browsing activity.

   
ApplicationLaser Adware (Mac)

What kind of application is ApplicationLaser?

ApplicationLaser is a rogue app that our researchers discovered while investigating new submissions to VirusTotal. After inspecting this piece of software, we determined that it is adware belonging to the AdLoad malware family.

   
Confirm Account To Avoid Termination Email Scam

What kind of email is "Confirm Account To Avoid Termination"?

"Confirm Account To Avoid Termination" is a phishing email falsely claiming that authentication is necessary to prevent the deletion of the recipient's account. This spam mail aims to steal email accounts through a fake sign-in page.

   
Alert! Mail Client Security Notification Email Scam

What kind of email is "Alert! Mail Client Security Notification"?

Our inspection of the "Alert! Mail Client Security Notification" email revealed that it is spam. The letter makes false claims regarding suspicious sign-in attempts to the recipient's email account. This spam mail aims to extract log-in credentials through a phishing website.

   
Allahu Akbar Ransomware

What kind of malware is Allahu Akbar?

Allahu Akbar is a ransomware-type program that our research team discovered while investigating new malware submissions to the VirusTotal website. This malicious program is designed to encrypt data and demand payment for its decryption.

On our testing system, Allahu Akbar ransomware encrypted files and altered their filenames. Original filenames were appended with a ".allahuakbar" extension, e.g., a file named "1.jpg" appeared as "1.jpg.allahuakbar", "2.png" as "2.png.allahuakbar", etc.

After the encryption process was completed, a ransom note – "how_to_decrypt.txt" – was created. Based on the message therein, it is highly likely that this ransomware is still in development.

   
Duke Malware

What kind of malware is Duke?

Duke is the general name for malware toolsets used by APT29, an Advanced Persistent Threat (APT) actor also known as The Dukes, Cloaked Ursa, CozyBear, Nobelium, and UNC2452. APT29 is a Russian state-sponsored group associated with the Foreign Intelligence Service of the Russian Federation (SVR RF). The group is politically and geopolitically motivated; it focuses on intelligence gathering and cyber-espionage.

The Duke malware family encompasses a broad range of malicious programs, including system backdoors, loaders, data stealers, process disruptors, and others.

The latest spam campaign linked to The Dukes group occurred in 2023 and used malicious PDF documents disguised as diplomatic invitations from the German embassy. This email campaign targeted Foreign Affairs ministries of countries aligned with NATO.

   
StandartInitiator Adware (Mac)

What kind of application is StandartInitiator?

StandartInitiator is an adware-type application that we discovered while investigating new submissions to the VirusTotal website. This piece of advertising-supported software is part of the AdLoad malware family. StandartInitiator is designed to run intrusive advertisement campaigns by feeding users with unwanted and deceptive ads.

   
Stalled Funds - United Bank Of Africa Email Scam

What kind of email is "Stalled Funds - United Bank Of Africa"?

"Stalled Funds - United Bank Of Africa" is a phishing email targeting recipients' personally identifiable and financial information. The letter aims to extract the highly sensitive data by falsely claiming that a nonexistent payment to the recipient, which has been unjustly stalled, will be transferred to them without further issue.

It must be emphasized that the information provided by this email is fake, and this mail is in no way associated with the actual United Bank for Africa or any other real individuals or entities.

   
JanelaRAT Malware

What kind of malware is JanelaRAT?

JanelaRAT is a Remote Access Trojan (RAT). It is a piece of sophisticated malicious software designed to enable remote access and control over compromised machines.

JanelaRAT has been observed in attacks targeting Latin American banking and financial institutions. Based on the use of Portuguese in the malware's code, it is highly likely that its developers are speakers of this language.

   
Taqw Ransomware

What kind of malware is Taqw?

Our researchers found the Taqw ransomware-type program during a routine inspection of new submissions to VirusTotal. This piece of malicious software is part of the Djvu ransomware family. Programs within the ransomware classification are designed to encrypt data and demand payment for its decryption.

On our testing system, Taqw encrypted files and appended their filenames with a ".taqw" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.taqw", "2.png" as "2.png.taqw", and so on for all of the locked files. Afterwards, Taqw created a ransom note titled "_readme.txt".

It is pertinent to mention that Djvu ransomware commonly arrives onto systems together with Vidar, RedLine, or other information-stealing malware.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
