Virus and Spyware Removal Guides, uninstall instructions

What kind of software is CurrencyTab?

CurrencyTab is a rogue piece of software that our researchers discovered while investigating suspicious sites. This browser extension provides easy access to currency conversion rates, and it includes a currency conversion calculator widget.

After investigating CurrencyTab, we determined that it is a browser hijacker. The extension makes changes to browser settings in order to promote (via redirects) the track.currencytab.net fake search engine.

What kind of application is Galaxy Creatures?

Our investigation of the Galaxy Creatures browser extension revealed that this application functions as a browser hijacker. Our team observed that Galaxy Creatures modifies specific browser settings to promote search.galaxycreature.net. Further analysis revealed that search.galaxycreature.net is a fake search engine, masquerading as a legitimate one.

What kind of malware is Sardonic?

Sardonic is a backdoor malware that is still under development and consists of multiple components that enable its potent capabilities. Notably, Sardonic allows threat actors to deploy updated malware dynamically without the need for frequent component updates, making it a versatile and adaptable tool for cybercriminals.

What kind of malware is SophosEncrypt?

SophosEncrypt is a ransomware-type program that impersonates the Sophos cybersecurity company. It must be emphasized that this data-encrypting malware is in no way associated with the actual Sophos Group plc.

On our test system, a sample of SophosEncrypt encrypted files and renamed them following this pattern – ".[[victim's_ID]].[[cybercriminal_email]].sophos". For example, a file initially named "1.jpg" appeared as "1.jpg.[[g9lXimXM]].[[mail@example.com]].sophos".

After the encryption process was completed, the ransomware displayed a ransom note in a pop-up window ("information.hta"). Additionally, it changed the desktop wallpaper, which continued using Sophos brand-related imagery.

What kind of app is Neat Tab?

While examining the Neat Tab browser extension, our team learned that its primary purpose is to force users to use a fake search engine search.neatfor.me. We found that Neat Tab promotes search.neatfor.me by modifying the settings of the affected web browser. Thus, we categorized this app as a browser hijacker.

What kind of application is Protab?

During our examination of Protab extension, we learned that it operates as a browser hijacker. The main purpose of this app is to promote search.protab.me, a fake search engine, by changing the settings of a web browser. It is important to note that users often download and add browser hijackers without knowing the consequences.

What kind of malware is PrO?

PrO is one of the ransomware variants belonging to the Xorist family. Our team discovered PrO while inspecting samples submitted to the VirusTotal website. PrO is designed to encrypt files, append the ".PrO" extension to filenames, and present users with an error window featuring a ransom note.

Furthermore, it generates a file named "HOW TO DECRYPT FILES.txt" that contains the same ransom note as the error window. An example of how PrO renames files: it changes "1.jpg" to "1.jpg.PrO", "2.png" to "2.png.PrO", and so forth.

What kind of page is read-the-notification[.]com?

Read-the-notification[.]com is a rogue webpage that pushes browser notification spam and can redirect users to different (likely dubious/malicious) sites.

Most visitors to this and similar pages access them through redirects generated by websites that employ rogue advertising networks. We discovered read-the-notification[.]com while examining sites that use said networks.

What kind of software is "Sport background pictures new tab"?

Our researchers discovered "Sport background pictures new tab" while investigating untrustworthy websites. This extension displays randomized sports-themed browser wallpapers.

After examining this piece of software, we determined that it is a browser hijacker. The "Sport background pictures new tab" extension modifies browser settings in order to promote (via redirects) the feed.topappsparadise.com illegitimate search engine.

What kind of malware is Mynvhefutrx?

While investigating new submissions to the VirusTotal site, our research team discovered the Mynvhefutrx malicious program. It is part of the Snatch ransomware family. Malware within the ransomware classification is designed to encrypt files and demand ransoms for their decryption.

On our test machine, Mynvhefutrx encrypted files and appended their filenames with a ".mynvhefutrx" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.mynvhefutrx", "2.png" as "2.png.mynvhefutrx", etc.

After the encryption process was completed, a ransom note named "HOW TO RESTORE YOUR MYNVHEFUTRX FILES.TXT" was created. Based on the message therein, it is evident that this ransomware targets companies rather than home users.