Virus and Spyware Removal Guides, uninstall instructions

What is F**ked ransomware?

While inspecting new submissions to VirusTotal, our research team discovered a malicious program named F**ked (title censored throughout the article, the asterisks stand for the letters "u" and "c", respectively). This program belongs to the Chaos ransomware family. Malware within the ransomware classification encrypts data and demands ransoms for its decryption.

Once we executed a sample of F**ked ransomware on our test machine, it encrypted files and appended their filenames with a ".f**ked" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.f**ked", "2.png" as "2.png.f**ked", and so on.

Afterwards, the desktop wallpaper was changed, and a text file – "read_it.txt" – containing the ransom note was created.

What kind of email is "Webmail Account Maintenance"?

"Webmail Account Maintenance" is a spam email presented as a notification from Webmail. The fake letter states that the recipient's email account will be blocked due to unresolved maintenance issues. This spam mail promotes a phishing website targeting email account log-in credentials.

What kind of malware is Zaraza?

Zaraza is the name of a stealer-type malware. Programs within this classification operate by extracting (stealing) information from infected systems and installed applications. Stealers can target specific details or a broad range of data. Regardless, malware like Zaraza poses serious threats to user privacy.

What kind of page is ytgoconverter[.]com?

After examining ytgoconverter[.]com, we concluded that this page offers to download videos from YouTube, wants to show notifications, and uses shady advertising networks. It is important to mention that downloading videos from YouTube without permission from the copyright holder is generally not legal.

What kind of software is "Ring"?

Our research team discovered an installation setup containing a browser hijacker named "Ring" while inspecting deceptive sites. Typically, software within this category makes alterations to browser settings. However, Ring does not modify browsers to promote the dmiredindee.com fake search engine.

What is searchtonow.com?

We have determined that searchtonow.com is a dubious search engine that could present misleading results and advertisements. Typically, search engines are promoted through browser hijackers - applications that alter a web browser's settings. It is recommended to avoid using questionable search engines.

What kind of malware is PowerMagic?

PowerMagic is the name of a backdoor malware written in PowerShell. It is known that PowerMagic is used in attacks where cybercriminals distribute another malware called CommonMagic. Backdoor malware refers to a form of malicious software that creates a concealed entry point into a computer system or network.

What kind of malware is CommonMagic?

CommonMagic is a modular malicious framework. It is suspected to be distributed through a malware strain known as PowerMagic. The CommonMagic framework is composed of multiple executable modules and has the ability to capture screenshots and collect data from USB drives. It seems that CommonMagic is distributed using spear phishing.

What kind of email is "Walmart Order"?

After reviewing this "Walmart Order" email, we determined that it is spam. The scam email is presented as a notification regarding a purchase made from Walmart. This spam mail aims to deceive recipients into calling the fake support line and thus entrapping them in a scam.

What kind of malware is Rans-A?

While analyzing malware samples submitted to VirusTotal, our team discovered a ransomware variant belonging to the Xorist family dubbed Rans-A. This ransomware encrypts files, appends the ".Rans-A" extension to filenames, creates the "HOW TO DECRYPT FILES.txt" file, and displays an error message that contains a ransom note.

An example of how Rans-A modifies filenames: it renames "1.jpg" to "1.jpg.Rans-A", "2.png" to "2.png.Rans-A", and so forth.