Virus and Spyware Removal Guides, uninstall instructions
![Request To Delete Your Email Scam](/images/thumbnails/th-26680-request-to-delete-your-email-scam.jpg)
What kind of email is "Request To Delete Your Email"?
Our examination of the "Request To Delete Your Email" letter revealed that it is spam. This email makes false claims regarding a request to terminate the recipient's mail account. The goal is to trick them into attempting to prevent the "deletion" by accessing a website promoted by the spam email, which operates as a phishing site and targets account log-in credentials.
![Chromium Extension-Loading Shortcut Virus](/images/thumbnails/th-26679-chromium-extension-loading-shortcut-virus.jpg)
What is Chromium extension-loading shortcut virus?
"Chromium extension-loading shortcut virus" refers to a type of infection affecting Chromium-based browsers like Google Chrome, Microsoft Edge, Brave, and countless others. In these infections, modified LNK (Windows Shortcut) files are used to launch the legitimate browser alongside malicious extensions.
Recent browser-targeting viruses combine LNK and CRX (Chromium Extension) files, which results in stealthy infections that leave the victim unaware of their presence.
This infection technique can be used to introduce a variety of malicious software to compromised browsers. The extensions could be used to steal browsing data, personally identifiable details, and log-in credentials, cause chain infections, manipulate website contents, or have other harmful abilities.
![DarkVision RAT](/images/thumbnails/th-26678-darkvision-rat.jpg)
What kind of malware is DarkVision?
DarkVision is the name of a Remote Administration Trojan (RAT). Malware of this type is designed to provide unauthorized access to a victim's computer. The RAT allows attackers to control the infected computer remotely, giving them access to sensitive data and the ability to perform a range of malicious actions.
![Akira Ransomware](/images/thumbnails/th-26677-akira-ransomware.jpg)
What kind of malware is Akira?
Akira is the name of ransomware designed to encrypt data, modify the filenames of all affected files (by appending the ".akira" extension), and create a ransom note ("akira_readme.txt"). Also, upon execution, Akira runs a PowerShell command to delete Windows Shadow Volume Copies on the device.
An example of how Akira changes filenames: it renames "1.jpg" to "1.jpg.akira", "2.png" to "2.png.akira", and so forth.
![Toddler Browser Hijacker](/images/thumbnails/th-26676-toddler-browser-hijacker.jpg)
What kind of application is Toddler?
Our team's analysis of the Toddler browser extension showed that it operates as a browser hijacker. Its main aim is to promote a fake search engine (finddbest.co). To achieve browser hijacking, Toddler alters the settings of the user's browser. It is worth noting that most users add browser-hijacking apps to browsers unintentionally.
![FSHealth Ransomware](/images/thumbnails/th-26675-fshealth-ransomware.jpg)
What kind of malware is FSHealth?
FSHealth is ransomware that blocks access to files by encrypting them. Also, FSHealth modifies filenames (by appending the victim's ID, email address, and ".locked" extension to them) and drops its ransom note ("How_to_decrypt_my_files.html").
An example of how FSHealth renames files: it changes "1.jpg" to "1.jpg.[9ECFA84E1F8BFBFF000A0655][fshealth@outlookpro.net].locked", "2.png" to "2.png.[9ECFA84E1F8BFBFF000A0655][fshealth@outlookpro.net].locked", and so forth.
![Realbeyondcook.com Ads](/images/thumbnails/th-26674-realbeyondcook-com-ads.jpg)
What kind of page is realbeyondcook[.]com?
Our team has determined that realbeyondcook[.]com is an untrustworthy website that uses deceptive tactics to trick visitors into agreeing to receive notifications. It is not uncommon for individuals to unintentionally stumble upon websites like realbeyondcook[.]com. We came across this site while investigating other dubious web pages.
![Topfieldnow.com Ads](/images/thumbnails/th-26673-topfieldnow-com-ads.jpg)
What kind of page is topfieldnow[.]com?
Topfieldnow[.]com is a rogue page we discovered while inspecting questionable websites. This webpage promotes browser notification spam and redirects visitors to other (likely unreliable/dangerous) sites. Most users enter pages like topfieldnow[.]com through redirects generated by websites that employ rogue advertising networks.
![Antoni Ransomware](/images/thumbnails/th-26672-antoni-ransomware.jpg)
What is Antoni ransomware?
Antoni is the name of a ransomware-type program. Malware classed as "ransomware" is designed to encrypt data and demand ransoms for its decryption.
On our testing system, Antoni ransomware encrypted files and appended a ".Antoni" extension to their filenames. For example, a file initially titled "1.jpg" appeared as "1.jpg.Antoni", "2.png" as "2.png.Antoni", etc. Afterwards, a ransom note named "Antoni_Recovery.txt" was created on the desktop.
![Qopz Ransomware](/images/thumbnails/th-26671-qopz-ransomware.jpg)
What kind of malware is Qopz?
Qopz, a ransomware belonging to the Djvu family, was detected by our malware researchers while analyzing samples on VirusTotal. This malicious software encrypts files, appends the ".qopz" extension to the original filenames, and leaves a ransom note called "_readme.txt".
For example, a file named "1.jpg" would be changed to "1.jpg.qopz", "2.png" to "2.png.qopz", and so forth. It should be noted that Djvu ransomware is often distributed alongside information stealers like RedLine and Vidar.