Virus and Spyware Removal Guides, uninstall instructions

What kind of application is EssentialPlatform?

Our research team found the EssentialPlatform app while investigating new submissions to the VirusTotal website. After examining this application, we determined that it is advertising-supported software (adware). We also learned that EssentialPlatform is part of the AdLoad malware family.

What kind of software is "Supernova: Productivity and relaxation"?

While investigating suspicious websites, our research team discovered the "Supernova: Productivity and relaxation" browser extension. According to its promotional material, this extension displays browser wallpapers.

However, after examining this piece of software, we determined that it is a browser hijacker. Supernova: Productivity and relaxation modifies browser settings in order to generate redirects, and it also has data-tracking abilities.

What kind of malware is DUMP LOCKER?

Our research team discovered the DUMP LOCKER ransomware during a routine inspection of new submissions to the VirusTotal website. Malware within this category operates by encrypting data in order to demand ransoms for its decryption.

On our test machine, DUMP LOCKER displayed a fake Windows update screen while it encrypted data. The affected files were appended with the ".f**ked" extension. The asterisks represent the letters "u" and "c" respectively; the extension will be censored in this manner throughout the article. To elaborate, a file originally named "1.jpg" appeared as "1.jpg.f**ked", "2.png" as "2.png.f**ked", etc.

After the encryption process was concluded, DUMP LOCKER ransomware displayed a ransom-demanding message in a pop-up window.

What kind of email is "Two-Factor Verification"?

After investigating the "Two-Factor Verification" email, we determined that it is spam. The letter falsely claims that the recipient's email account must be authenticated for security purposes. This mail promotes a phishing website that mimics the recipient's email account sign-in page.

What kind of page is prizehubtop[.]top?

Prizehubtop[.]top is an untrustworthy page that our team discovered while inspecting pages associated with shady advertising networks. The purpose of prizehubtop[.]top is to trick visitors into permitting it to show notifications. Users should never allow such pages to send notifications.

What is "Mr Beast GIFT CARDS GIVEAWAY"?

Our team examined this page and found that it shows a deceptive message that claims users are eligible for a free giveaway. It is not a genuine giveaway, and scammers attempt to collect personal data for malicious purposes, such as identity theft, spamming, or selling information to other criminals.

What kind of malware is SXH?

SXH is a data-stealing malware developed in the Go programming language. Its primary objective is to collect a wide range of data from infected systems. The stolen data can then be exploited for various malicious purposes, including identity theft, financial fraud, and other cybercrimes. Thus, SXH should be removed from infected systems immediately.

What kind of malware is Architects?

While inspecting new submissions to the VirusTotal site, our research team discovered the Architects malicious program. It is classified as ransomware; malware within this classification encrypts data in order to demand ransoms for its decryption.

On our test machine, Architects encrypted files and appended their filenames with a ".architects" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.architects", "2.png" as "2.png.architects", and so on for all of the affected files. After the encryption process was completed, a ransom-demanding message titled "readme.txt" was created.

What kind of malware is Kitu?

During our investigation of malware samples on the VirusTotal platform, we came across a ransomware variant known as Kitu. This particular ransomware utilizes file encryption to restrict access to files and appends the ".kitu" extension to filenames. Furthermore, it creates a ransom note called "_readme.txt" to communicate with the victim.

Kitu ransomware is part of the Djvu ransomware family, associated with information stealers like RedLine and Vidar. An example of how Kitu renames files: it changes filenames like "1.jpg" to "1.jpg.kitu", "2.png" to "2.png.kitu", and so forth.

What kind of page is iamadssystems[.]com?

During a routine inspection of untrustworthy websites, our researchers discovered the iamadssystems[.]com rogue page. It promotes browser notification spam and redirects users to other (likely dubious/malicious) sites.

Most visitors to iamadssystems[.]com and similar webpages access them through redirects caused by sites that employ rogue advertising networks.