Virus and Spyware Removal Guides, uninstall instructions

What is Gold (Xorist) ransomware?

Our research team discovered the Gold ransomware-type program while investigating new malware submissions to VirusTotal. This malicious program is part of the Xorist ransomware family.

Once we launched a sample of Gold (Xorist) ransomware on our testing system, it began encrypting files and changing their filenames. Original titles were appended with a ".gold" extension, e.g., a file initially named "1.jpg" appeared as "1.jpg.gold", "2.png" as "2.png.gold", etc.

Afterward, identical ransom notes in Russian were created in a text file named "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" and a pop-up window. It is noteworthy that if the system does not have the Cyrillic alphabet, the message in the pop-up will appear as gibberish.

What kind of application is Yearn New Tab?

Our investigation revealed that Yearn New Tab is a browser extension designed to hijack a web browser by changing some of its settings. Also, Yearn New Tab can read various data. A big part of browser-hijacking apps is promoted and distributed using shady methods. Thus, users often download and add them unintentionally.

What kind of malware is Kmbgdftfgdlf?

Kmbgdftfgdlf is ransomware belonging to the Xorist family. Our team discovered Kmbgdftfgdlf while analyzing malware samples on the VirusTotal page. Since Kmbgdftfgdlf is ransomware, it encrypts data to make it inaccessible to victims.

Also, Kmbgdftfgdlf appends the ".kmbgdftfgdlf" extension to filenames and provides two ransom notes (creates the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" file and displays an error message). An example of how Kmbgdftfgdlf renames files: it changes "1.jpg" to "1.jpg.kmbgdftfgdlf", "2.png" to "2.png.kmbgdftfgdlf", and so forth.

What kind of application is RecordConsole?

During our investigation into dubious websites that falsely indicate outdated software, we came across RecordConsole, which upon downloading and installation, proved to be of no practical use and instead displayed irritating advertisements. For this reason, our team classified RecordConsole as adware.

What is Ultimate Files Downloader?

While inspecting suspicious sites, our researchers discovered the Ultimate Files Downloader browser extension. It is presented as a download management tool. However, our inspection of Ultimate Files Downloader revealed that it operates as advertising-supported software (adware).

What is Tab Manager?

Our research team discovered the Tab Manager browser extension while inspecting deceptive websites. This piece of software supposedly has the ability to close all browser tabs at once, regardless of their type (e.g., incognito, pinned, etc.). However, our analysis of this extension revealed that it is adware. In other words, Tab Manager runs intrusive advertisement campaigns and collects private data.

What is suggestonlineweb.com?

We discovered the suggestonlineweb.com fake search engine while investigating browser-hijacking software. Websites of this kind are typically incapable of providing search results, and while suggestonlineweb.com can – they are irrelevant and include sponsored and potentially harmful content.

In most cases, illegitimate search engines are promoted (through redirects) by browser hijackers. These sites are also considered to be a privacy threat since they tend to collect user data.

What kind of application is ChatSAI?

While examining the ChatSAI application, our team found that it functions as a browser hijacker. The purpose of this app is to force users to use chatsai.nextjourneyai.com - a fake search engine. ChatSAI achieves this by modifying the settings of a web browser. It is worth noting that users tend to download and add browser hijackers inadvertently.

What kind of scam is "McAfee - A Virus Has Been Found On Your PC!"?

While investigating suspicious websites, our research team discovered the "McAfee - A Virus Has Been Found On Your PC!" scam. This deceptive content is disguised as the McAfee anti-virus, and it must be stressed that the actual McAfee Corp. is not associated with this scheme.

"McAfee - A Virus Has Been Found On Your PC!" makes false claims regarding system infections. Typically, scams of this kind are used to promote untrustworthy and harmful software.

What is Tangem ransomware?

Tangem is a ransomware-type program discovered by our researchers during a routine investigation of new submissions to VirusTotal. This malicious program is part of the MedusaLocker ransomware family, and it is designed to encrypt data and demand ransoms for decryption.

On our test machine, Tangem encrypted files and appended their filenames with a ".tangem" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.tangem", "2.png" as "2.png.tangem", etc.

After the encryption was completed, Tangem created a ransom note titled "How_to_back_files.html". Based on the message therein, it is evident that this ransomware targets companies rather than home users.