Virus and Spyware Removal Guides, uninstall instructions

Coty Ransomware

What kind of malware is Coty?

During the analysis of malware samples submitted to VirusTotal, our team of malware experts discovered Coty, ransomware belonging to the Djvu family. Coty encrypts data, adds the ".coty" extension to the filenames, and creates a ransom note named "_readme.txt".

An example of how Coty modifies filenames: it renames "1.jpg" to "1.jpg.coty", "2.png" to "2.png.coty", and so forth. It is important to mention that ransomware belonging to the Djvu family is often distributed alongside information stealers like RedLine and Vidar.

   
BinaryOptimizer Adware (Mac)

What is BinaryOptimizer?

BinaryOptimizer is a rogue application that our research team discovered while inspecting new submissions to VirusTotal. After analyzing this app, we determined that it is adware. It is also pertinent to mention that BinaryOptimizer belongs to the AdLoad malware family.

   
Greatcaptchanow.top Ads

What kind of page is greatcaptchanow[.]top?

Greatcaptchanow[.]top, its variants, and related domains (e.g., greatcaptchasnow[.]top) are rogue websites that we discovered during a routine inspection of untrustworthy sites.

These pages are designed to host questionable content and promote browser notification spam. Additionally, they can redirect visitors to other (likely dubious/malicious) websites. Most users access webpages like greatcaptchanow[.]top through redirects caused by sites that employ rogue advertising networks.

   
LockBit Ransomware (Mac)

What is LockBit ransomware?

LockBit is the name of a ransomware targeting Mac Operating Systems (OSes). It is associated with the LockBit ransomware gang – the developers of LockBit, LockBit 2.0, LockBit 3.0, and various other variants. The aforementioned variants target Windows, Linux, and VMware ESXi servers.

At the time of writing, LockBit (Mac) is the first known ransomware for macOS developed by a large cybercriminal gang. However, the sample we have researched is still in development and has been released for testing.

Typically, ransomware operates by encrypting victims' files in order to demand payment for decryption. This LockBit version is highly unlikely to carry out its purpose: its invalid signature is detected as untrusted by OSes, and the ransomware tends to crash upon manual execution. However, it must be mentioned that potential future variants may be capable of successfully encrypting Mac devices.

   
Recov Ransomware

What kind of malware is Recov?

Recov is ransomware belonging to the VoidCrypt family. Our malware researchers discovered Recov while examining malware samples submitted to VirusTotal. They found that Recov encrypts data, modifies filenames, and drops a ransom note ("Dectryption-guide.txt").

Recov appends the victim's ID, an email address, and the ".Recov" extension to filenames. For instance, it changes "1.jpg" to "1.jpg.[MJ-TN2069418375](Recoverifiles@gmail.com).Recov", "2.png" to "2.png.[MJ-TN2069418375](Recoverifiles@gmail.com).Recov", and so forth.

   
Goldoson Malware (Android)

What kind of malware is Goldoson?

Goldoson is an Android malware that compiles a list of installed applications and records the history of Wi-Fi and Bluetooth devices, including GPS locations in close proximity. Additionally, the software includes a feature that allows it to engage in ad fraud by clicking on ads in the background without the user's knowledge or approval.

   
LauncherProgress Adware (Mac)

What kind of application is LauncherProgress?

While investigating deceptive web pages (including sites that offer updates for supposedly outdated software), our team came across LauncherProgress, an application we deemed questionable. Once installed, LauncherProgress began displaying unwanted advertisements, leading us to classify it as adware.

   
Infinity V+ New Tab Browser Hijacker

What kind of application is Infinity V+ New Tab?

Upon analyzing the Infinity V+ New Tab browser extension, we discovered that it takes control of a web browser by altering its settings. The intended function of Infinity V+ New Tab is to promote trovi.com, which is a fake search engine. It is important to note that users rarely purposefully download or add browser hijackers.

   
Coza Ransomware

What kind of malware is Coza?

Our team identified the Coza ransomware, which belongs to the Djvu family, while examining samples on VirusTotal. This malware encrypts data and modifies the names of affected files by adding the ".coza" extension. Once the encryption process is finished, a ransom note is left behind in the form of a "_readme.txt" file.

Coza changes the names of files in the following manner: "1.jpg" becomes "1.jpg.coza", "2.png" becomes "2.png.coza", and so on. As the Djvu family is known to be associated with other malicious software, such as information stealers like RedLine and Vidar, it is possible that Coza might also be distributed alongside these threats.

   
NanoAccess Adware (Mac)

What kind of application is NanoAccess?

After examining the NanoAccess application, we discovered that it displays intrusive advertisements. Consequently, we have categorized NanoAccess as adware, which is often distributed through dubious and misleading methods. As a result, unsuspecting users can unintentionally download and install it.

   
