Virus and Spyware Removal Guides, uninstall instructions

What is GAZPROM ransomware?

GAZPROM is a malicious program that uses CONTI ransomware's code. Malware within the ransomware classification operates by encrypting data for the purpose of demanding ransom for its decryption.

After we executed a sample of GAZPROM on our testing system, it encrypted files and appended their filenames with a ".GAZPROM" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.GAZPROM", "2.png" as "2.png.GAZPROM", and so on for all of the affected files.

Once the encryption process was completed, this ransomware created identical ransom notes in a pop-up window ("GAZPROM_DECRYPT.hta") and an HTML file ("DECRYPT_GAZPROM.html").

What kind of scam is the fake email from "South African Post Office"?

Upon examining this email, we have discovered that it is a phishing scam that masquerades as a notification from the South African Post Office. The objective of this fraudulent email is to trick the recipients into accessing a bogus website and divulging their personal information. Therefore, it is recommended that the recipients disregard this email.

What kind of malware is Rec_rans?

Rec_rans is the name of malware that operates as ransomware. Our team discovered it while examining malware samples on VirusTotal. Rec_rans encrypts files on the infected computer, changes the desktop wallpaper, drops the "HOW_TO_RECOVERY_FILES.txt" file containing a ransom note, and adds the ".rec_rans" extension to filenames of all encrypted files.

An example of how Rec_rans modifies filenames: it changes "1.jpg" to "1.jpg.rec_rans", "2.png" to "2.png.rec_rans", and so forth.

What kind of malware is BlackSuit?

BlackSuit is ransomware - malware that prevents victims from accessing their files by encrypting them. BlackSuit targets Windows and Linux users. In addition to encrypting data, this ransomware changes the desktop wallpaper, creates the "README.BlackSuit.txt" file (a ransom note), and renames files.

BlackSuit appends the ".blacksuit" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.blacksuit", "2.png" to "2.png.blacksuit", and so forth.

What kind of application is Sticky Note Board Extension?

Upon investigation of Sticky Note Board Extension, we found that it is an extension for web browsers that is intended to boost the visibility of a fake search engine known as search.notesticky-extension.com. This is achieved by seizing control of the browser settings. Apps that operate like Sticky Note Board Extension are known as browser hijackers.

What kind of page is econsultingcoem[.]com?

Econsultingcoem[.]com is a rogue page that we discovered while inspecting dubious sites. This website promotes browser notification spam and redirects users to other (likely unreliable/dangerous) pages.

Visitors to econsultingcoem[.]com and sites akin to it – access them primarily through redirects caused by webpages using rogue advertising networks, spam notifications, intrusive ads, mistyped URLs, and installed adware.

What is Zhong ransomware?

Our researchers found the Zhong ransomware during a routine examination of new VirusTotal submissions. Ransomware is a type of malware that encrypts data for ransom purposes.

On our test machine, Zhong encrypted files and appended their filenames with a ".zhong" extension. To elaborate, a file titled "1.jpg" appeared as "1.jpg.zhong", "2.png" as "2.png.zhong", and so on. Afterwards, a ransom note named "Restore.txt" was dropped onto the desktop.

What kind of page is cosmovideo[.]cam?

While investigating dubious websites, our research team found the cosmovideo[.]cam rogue webpage. It is designed to promote browser notification spam and redirect visitors to different (likely unreliable/hazardous) sites. Most users access pages like cosmovideo[.]cam via redirects caused by websites that use rogue advertising networks.

What kind of email is "Payment Proforma Invoice / Contract"?

After inspecting the "Payment Proforma Invoice / Contract" email, we determined that it is spam. This letter operates as a phishing scam; it makes false claims regarding a received voice message to trick recipients into attempting to sign in via a fake website. This spam campaign targets email account log-in credentials.

What is Miserium ransomware?

Our researchers discovered the Miserium ransomware during a routine investigation of new submissions to VirusTotal. Malware within this classification operates by encrypting data and demanding payment for its decryption.

After we executed a sample of Miserium on our test system, it encrypted files and appended their filenames with an extension consisting of four random characters. For example, a file initially titled "1.jpg" appeared as "1.jpg.mbkx", "2.png" as "2.png.zx16", etc. Once this process was completed, Miserium changed the desktop wallpaper to one containing a ransom note.