Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is LMAO?

While investigating new submissions to the VirusTotal site, our researchers discovered the LMAO ransomware. This program is based on the Chaos ransomware, and it is designed to encrypt data and demand ransoms for its decryption.

On our test machine, LMAO encrypted files and appended their filenames with a ".LMAO" extension. To elaborate, a file originally named "1.jpg" appeared as "1.jpg.LMAO", "2.png" as "2.png.LMAO", etc. Once this process was completed, a ransom note titled "read_it.txt" was created.

What kind of page is secure-your-device[.]com?

While examining secure-your-device[.]com, we learned that it is a deceptive website. Secure-your-device[.]com displays fake warnings and wants to show notifications. Our team came across secure-your-device[.]com while inspecting websites associated with rogue advertising networks.

What kind of page is desparnd[.]com?

While analyzing desparnd[.]com, we uncovered its utilization of a clickbait technique to entice visitors into granting permission for notifications. Our investigation of pages linked to unreliable advertising networks led us to discover desparnd[.]com. It is important to note that this website has the potential to redirect users to other untrustworthy pages.

What kind of malware is BuSaveLock?

BuSaveLock is ransomware belonging to the MedusaLocker family. Our team discovered BuSaveLock while examining samples on the VirusTotal page. The purpose of BuSaveLock is to encrypt files and demand payment in return for their decryption. Also, this ransomware provides a ransom note ("How_to_back_files.html") and renames files.

BuSaveLock appends the ".busavelock" extension with a specific number to filenames. The number included in the extension varies depending on the variant of BuSaveLock. An example of how BuSaveLock renames files: it changes "1.jpg" to "1.jpg.busavelock53", "2.png" to "2.png.busavelock53", and so forth.

What kind of page is gouddin[.]com?

During our examination of gouddin[.]com, we found that this page uses clickbait to lure visitors into allowing it to show notifications. We discovered gouddin[.]com while inspecting pages associated with rogue advertising networks. It is worth mentioning that gouddin[.]com may redirect visitors to other untrustworthy pages.

What kind of page is gserience[.]xyz?

Gserience[.]xyz is the address of a rogue webpage. It is designed to trick visitors into permitting its browser notification delivery. This page can also redirect them to other (likely untrustworthy/hazardous) sites.

The majority of users access webpages like gserience[.]xyz through redirects caused by websites using rogue advertising networks. Our researchers discovered gserience[.]xyz during a routine investigation of pages that employ said networks.

What kind of page is groovinews[.]com?

During our investigation of groovinews[.]com, we identified its utilization of deceitful methods, including the presentation of misleading messages and other content, to manipulate visitors into subscribing to notifications. Additionally, groovinews[.]com has the potential to redirect users to other questionable websites.

What kind of page is gripehealth[.]com?

Our research team found the gripehealth[.]com rogue page while examining untrustworthy websites. It is designed to push browser notification spam and redirect users to other (likely dubious/harmful) sites.

Visitors to gripehealth[.]com and webpages akin to it – primarily access them through redirects generated by websites that use rogue advertising networks.

What kind of malware is TmrCrypt0r?

While inspecting new submissions to the VirusTotal site, we discovered the TmrCrypt0r malicious program. It belongs to the Xorist ransomware family.

On our testing system, this ransomware encrypted files and appended their filenames with a ".TMRCRYPT0R" extension. For example, and original filename such as "1.jpg" appeared as "1.jpg.TMRCRYPT0R", "2.png" as "2.png.TMRCRYPT0R", and so forth. Afterward, TmrCrypt0r created/displayed identical ransom notes in a pop-up window and text file.

What kind of application is AnalyzeHelper?

While reviewing new submissions to VirusTotal, our researchers discovered the AnalyzeHelper application. After examining the app, we determined that it is advertising-supported software (adware). Additionally, we learned that AnalyzeHelper belongs to the AdLoad malware family.