Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Fruity?

Fruity is a downloader trojan that specifically targets Windows users and operates with a modular approach. With the assistance of Fruity, threat actors can infect computers with various types of malware, depending on their objectives. They employ a range of techniques to conceal the attack and enhance its success rate.

What kind of malware is Krize?

Krize is ransomware that our team discovered while examining samples uploaded to the VirusTotal platform. We found that Krize encrypts files, appends the ".krize" extension to filenames, changes the desktop wallpaper, and creates a file named "leia_me.txt" containing a ransom note.

An example of how Krize makes changes to the filenames of encrypted files: it renames "1.jpg" to "1.jpg.krize", "2.png" to "2.png.krize", and so forth.

What kind of program is LaneAnnual?

After analyzing the LaneAnnual application, our team has identified characteristics that classify it as adware. Adware developers often employ dubious tactics for promotion and distribution. Thus, users often download and install apps like LaneAnnual inadvertently. It is recommended not to trust adware-type apps.

What kind of page is privacy-onbrowser[.]com?

Privacy-onbrowser[.]com is a rogue page that promotes scams and browser notification spam. Additionally, it can redirect visitors to different (likely untrustworthy/malicious) websites.

Most visitors to privacy-onbrowser[.]com and webpages akin to it – access them through redirects generated by sites using rogue advertising networks. In fact, our researchers discovered privacy-onbrowser[.]com while inspecting pages that utilize said networks.

What kind of application is CycleGraph?

Our researchers discovered the CycleGraph rogue app while investigating new submissions to the VirusTotal site. After examining CycleGraph, we determined that it is advertising-supported software (adware). This app is part of the AdLoad malware family.

What kind of page is majorinryes[.]com?

Majorinryes[.]com is a rogue webpage that we discovered while investigating untrustworthy sites. It is designed to promote browser notification spam and redirect visitors to other (likely unreliable/dangerous) websites.

Users primarily access pages like majorinryes[.]com via redirects generated by sites employing rogue advertising networks, spam notifications, mistyped URLs, intrusive ads, or installed adware.

What kind of application is SolutionsApproach?

SolutionsApproach is a rogue application that our research team discovered while inspecting new submissions to VirusTotal. Our analysis revealed that this app is adware belonging to the AdLoad malware family. It is designed to generate revenue for its developers by running intrusive advertisement campaigns.

What kind of software is Tabtonews?

Our research team discovered the Tabtonews rogue browser extension during a routine inspection of untrustworthy websites. After investigating this piece of software, we determined that it is a browser hijacker. Tabtonews makes modifications to browser settings in order to promote (through redirects) the search.routway.com fake search engine.

What kind of extension is Daily Inspiration for Photographers?

Despite being advertised as an app aimed at providing daily inspiration and creativity for photographers, we discovered that Daily Inspiration for Photographers is, in fact, a browser hijacker. This app promotes a fake search engine by tampering with certain browser settings. As a result, trusting this browser extension is not advisable.

What kind of malware is BIDON?

BIDON is a new variant of the MONTI ransomware. Programs within the ransomware category are designed to encrypt files and demand payment for their decryption.

After we executed a sample of BIDON on our test system, it began encrypting files. The filenames of affected files were appended with a ".PUUUK" extension. To elaborate, a file originally titled "1.jpg" appeared as "1.jpg.PUUUK", "2.png" as "2.png.PUUUK", etc.

After this process was concluded, the ransomware created a ransom note named "readme.txt". Based on the message therein, it is evident that BIDON uses double extortion tactics and targets large entities (e.g., companies) rather than home users.