Virus and Spyware Removal Guides, uninstall instructions
![Uponwarmth.com Ads](/images/thumbnails/th-26606-uponwarmth-com-ads.jpg)
What kind of website is uponwarmth[.]com?
While investigating websites that use rogue advertising networks, we discovered uponwarmth[.]com. This deceptive website presents visitors with false information (in the guise of a fake CAPTCHA) to trick them into accepting notifications. Furthermore, accessing uponwarmth[.]com leads to other dubious pages.
![Triathlon Gurus Browser Hijacker](/images/thumbnails/th-26605-triathlon-gurus-browser-hijacker.jpg)
What kind of application is Triathlon Gurus?
While examining the Triathlon Gurus application, we discovered that it is a browser hijacker that promotes a fake search engine called privatesearchqry.com. This search engine is not legitimate and provides search results generated by another search engine. It is worth noting that the majority of browser-hijacking apps are promoted using deceptive channels.
![Rapid Search Browser Hijacker](/images/thumbnails/th-26604-rapid-search-browser-hijacker.jpg)
What kind of application is Rapid Search?
While testing the Rapid Search browser extension, our team learned that it functions as a browser hijacker. This app promotes prosearchsolutionz.com (a questionable search engine) by taking control of the web browser through changes to its settings. Thus, it is recommended to avoid using Rapid Search and its search engine.
![One Click Refresh Adware](/images/thumbnails/th-26603-one-click-refresh-adware.jpg)
What is One Click Refresh?
Our researchers discovered the One Click Refresh browser extension. It is presented as a tool that allows users to refresh all tabs with a single click. Our analysis of this extension revealed that it operates as advertising-supported software (adware).
![SurfGuru Browser Hijacker](/images/thumbnails/th-26602-surfguru-browser-hijacker.jpg)
What is SurfGuru?
Our research team discovered the SurfGuru browser extension while investigating untrustworthy websites. This piece of software is presented as a quick access tool to surfing-related news, advice, products, and other content. However, our analysis of SurfGuru allowed us to determine that it is a browser hijacker. This extension changes browser settings to promote (via redirects) the privatesearchqry.com fake search engine.
![AdvancedParameter Adware (Mac)](/images/thumbnails/th-26601-advancedparameter-adware-mac.jpg)
What is AdvancedParameter?
Our research team discovered the AdvancedParameter app during a routine investigation of new submissions to VirusTotal. After inspecting this application, we determined that it is adware belonging to the AdLoad malware family.
![Microsoft Corporation - Email Account Update Scam](/images/thumbnails/th-26600-microsoft-corporation-email-account-update-scam.jpg)
What kind of email is "Microsoft Corporation - Email Account Update"?
Our examination of the "Microsoft Corporation - Email Account Update" email revealed that it is spam. This letter is presented as a notification from Microsoft regarding urgent updates to the recipient's email account. This scam mail promotes a phishing website that records email passwords entered into it.
![BellaCiao Malware](/images/thumbnails/th-26598-bellaciao-malware.jpg)
What kind of malware is BellaCiao?
BellaCiao is classified as dropper malware, which means it is intended to distribute other malware payloads onto a victim's computer system according to instructions from a C2 server. The payload delivered by BellaCiao is not downloaded but rather hardcoded into the executable as malformed base64 strings and then unloaded when needed.
![SethLocker Ransomware](/images/thumbnails/th-26599-sethlocker-ransomware.jpg)
What is SethLocker ransomware?
SethLocker is a ransomware-type program. It operates by encrypting data and demanding ransoms for its decryption. In most cases, malware of this kind renames the encrypted files by appending an extension to their names. However, after executing a sample of SethLocker on our test machine, we learned that this ransomware does not alter filenames.
After the encryption process was completed, a ransom-demanding message titled "HOW_DECRYPT_FILES.txt" was created.
![DVN Ransomware](/images/thumbnails/th-26596-dvn-ransomware.jpg)
What kind of malware is DVN?
DVN is a ransomware variant based on Chaos ransomware. Our team came across DVN while checking the VirusTotal page for recently submitted malware samples. The purpose of DVN ransomware is to encrypt data. Also, this malware changes the victim's desktop wallpaper, creates the "unlock_here.txt" file (a ransom note), and adds the ".devinn" extension to filenames.
For example, it changes "1.jpg" to "1.jpg.devinn", "2.png" to "2.png.devinn", and so forth.