Virus and Spyware Removal Guides, uninstall instructions

What is "Your Bitcoin Wallet Has Been Credited"?

After analyzing this letter, we have determined that it is a fraudulent email designed to deceive recipients into disclosing sensitive information on a counterfeit website. These types of emails are commonly referred to as phishing emails. It is highly advised to disregard such emails and refrain from sharing any information on websites promoted through them.

What is DominantInfo?

Our research team discovered the DominantInfo application while investigating new submissions to VirusTotal. Our inspection of this app revealed that it is adware belonging to the AdLoad malware family. Hence, DominantInfo delivers intrusive ad campaigns and may have additional harmful abilities.

What is seekfreeonline.com?

Seekfreeonline.com is the address (URL) of a fake search engine. Websites of this kind usually cannot generate search results. However, seekfreeonline.com is an exception, but the results it provides are irrelevant and include sponsored as well as untrustworthy content.

These search engines are commonly promoted (via redirects) by browser-hijacking software. Additionally, said sites and the software endorsing them typically collect sensitive user information.

What is MinlWon ransomware?

MinlWon is a ransomware that we discovered during a routine investigation of new submissions to VirusTotal. Malware of this kind is designed to encrypt data and demand ransoms for its decryption.

After we executed a sample of MinlWon on our test system, it encrypted files and appended their files with a ".IP" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.IP", "2.png" as "2.png.IP", and so on. Once the encryption process was finished, the ransomware created a ransom-demanding message titled "LeadMe.txt". Additionally, the desktop wallpaper was changed.

What is DigitalEntry?

During a routine inspection of new submissions to VirusTotal, our research team discovered the DigitalEntry application. After investigating this piece of software, we learned that it is adware from the AdLoad malware family. DigitalEntry operates by running intrusive advertisement campaigns, and this app may have other harmful abilities as well.

What kind of malware is TargetWare?

TargetWare is ransomware - malware that encrypts files to deny access. Additionally, TargetWare provides a ransom note (in the "decrypt_Last_Chance.html" file) and renames files. This ransomware replaces filenames with a string of random characters.

For instance, it replaces "1.jpg" with "3E90344E39CEAD5099A04AA01D134C83", "2.png" with "22F17A9B4F2FA2A60B9078A19F5F5A5B", and so forth.

What is Kafan ransomware?

Kafan is a ransomware-type program that our researchers discovered while investigating new submissions to VirusTotal. Malware within this class is designed to encrypt data and demand payment for its decryption.

After we executed a sample of Kafan on our test machine, it encrypted files and appended their filenames with a ".kafan" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.kafan", "2.png" as "2.png.kafan", etc. Once this process was completed, the ransomware dropped a ransom note – "help_you.txt" – onto the desktop.

What kind of page is worde[.]click?

Upon inspecting worde[.]click, we concluded that this page shows deceptive messages, downloads a file, and asks for permission to show notifications. Our team stumbled upon worde[.]click during examination of websites that use rogue advertising networks and display dubious advertisements. Users access sites like worde[.]click inadvertently.

What is DivisionType?

Our research team discovered the DivisionType application during a routine inspection of new submissions to VirusTotal. After analyzing this app, we determined that it is adware belonging to the AdLoad malware family. Meaning that DivisionType operates by running intrusive advertisement campaigns, i.e., displaying ads.

What kind of malware is Skynetlock?

While inspecting Skynetlock, our team discovered that it is one of the ransomware variants belonging to the MedusaLocker family. We found Skynetlock while checking the VirusTotal site for recently submitted malware samples. The purpose of Skynetlock is to encrypt files.

Additionally, Skynetlock adds its extension (".skynetlock") to filenames and creates the "How_to_back_files.html" file containing a ransom note. An example of how Skynetlock modifies filenames: it changes "1.jpg" to "1.jpg.skynetlock", "2.png" to "2.png.skynetlock", and so forth.