Virus and Spyware Removal Guides, uninstall instructions

What kind of application is IntelligenceLabs?

IntelligenceLabs is an adware-type application that our research team found while inspecting new submissions to the VirusTotal website. This app belongs to the AdLoad malware family. IntelligenceLabs delivers intrusive ad campaigns and may have additional harmful capabilities.

What kind of application is CargoVictory?

After examining the CargoVictory application, it has come to our attention that it displays intrusive advertisements. These types of applications fall into the category of adware or advertising-supported software. It is not unusual for users to inadvertently install adware without a complete understanding of its presence or the potential repercussions it might bring.

What kind of malware is Trash Panda?

Our research team found the Trash Panda ransomware-type program during a routine investigation of new submissions to VirusTotal. This malicious program is designed to encrypt data and demand ransoms for its decryption.

After launching a sample of Trash Panda on our test system, it began encrypting files and appended their filenames with a ".monochrome" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.monochrome", "2.png" as "2.png.monochrome", etc. Once this process was completed, a ransom note titled "[random_string]-readme.html" was created.

What kind of malware is GPT?

While studying malware samples submitted to VirusTotal, we discovered a ransomware variant dubbed GPT. We found that GPT is part of the Dharma family. It encrypts files, appends the ".GPT" extension to filenames, and provides two ransom notes (displays a pop-up window and creates the "AI_SARA.txt" file).

An example of how GPT modifies filenames: it renames "1.jpg" to "1.jpg.id-1E857D00-SARA.[AI_SARA].GPT", "2.png" to "2.png.id-1E857D00-SARA.[AI_SARA].GPT", and so forth.

What kind of application is MovementEvolution?

After an analysis of MovementEvolution, our team has determined that its primary function revolves around displaying intrusive advertisements to users, leading to its classification as adware. Noteworthy is the fact that applications similar to MovementEvolution frequently find their way onto devices without users' knowledge.

What kind of malware is Yytw?

During our analysis of malware samples uploaded to VirusTotal, we encountered Yytw, a ransomware variant linked to the Djvu family. Yytw encrypts files, appends the ".yytw" extension to their filenames, and generates a ransom note in the form of a text file named "_readme.txt".

An example of how Yytw renames files is by changing "1.jpg" to "1.jpg.yytw", "2.png" to "2.png.yytw", and so forth. It is important to note that Yytw might be distributed alongside information-stealing malware like Vidar and RedLine, making it even more dangerous for users and their sensitive data.

What kind of malware is Yyza?

While examining malware samples uploaded to VirusTotal, we came across Yyza, a ransomware variant associated with the Djvu family. Yyza encrypts files, adds the ".yyza" extension to their names, and creates a ransom note (a text file named "_readme.txt").

An example of how Yyza modifies file names is by transforming "1.jpg" into "1.jpg.yyza", "2.png" into "2.png.yyza", and so forth. It is crucial to be aware that Yyza, being a part of the Djvu ransomware family, might be distributed alongside information-stealing malware such as Vidar and RedLine.

What kind of application is LevelSmite?

Our researchers discovered the LevelSmite application during a routine investigation of new submissions to the VirusTotal site. After examining this piece of software, we learned that it is adware belonging to the AdLoad malware family. LevelSmite operates by running intrusive advertisement campaigns, and it may have other harmful abilities.

What kind of software is Forestab?

Our researchers discovered the Forestab browser extension while inspecting suspect websites. It is endorsed as a tool that displays nature-themed browser wallpapers.

After examining this extension, we determined that it is a browser hijacker. Forestab makes alterations to browser settings in order to promote (via redirects) the search.forestab.com fake search engine. Additionally, this piece of software spies on users' browsing activity.

What kind of application is FeaturePerformance?

FeaturePerformance is a piece of rogue software that we discovered while investigating new submissions to the VirusTotal website. After analyzing this app, we learned that it is advertising-supported software (adware). FeaturePerformance is part of the AdLoad malware family.