Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is DotRunpeX?

DotRunpeX is the name of an injector-type malware. This program is written in .NET and has been around since at least 2022. There are multiple variants of DotRunpeX. This malware serves as an integral part of infection chains and is typically delivered in the second stage of the process. The purpose of this program is to inject additional malware into devices.

What is searchwebhub.com?

We have inspected searchwebhub.com and found that it is a search engine that shows ads and may provide misleading results. Thus, searchwebhub.com is not a reliable search engine and should not be used. It is worth mentioning that search engines of this kind usually are promoted through browser hijackers.

What kind of application is Downloader for Image?

Downloader for Image is promoted as a browser extension that enables users to download images from websites. However, during our testing, we discovered that it generates advertisements, making it an advertising-supported application. It should be emphasized that such applications are often distributed and promoted using questionable methods.

What kind of malware is Tywd?

Tywd is a type of ransomware that encrypts files stored on a victim's computer and demands payment in exchange for decryption tools. Our team stumbled upon Tywd while monitoring the VirusTotal website for newly submitted malware samples. Tywd appends the ".tywd" extension to the filename of each encrypted file and drops a ransom note ("_readme.txt").

This particular strain of ransomware is a variant of the Djvu ransomware family and may be distributed in conjunction with other forms of malware, such as RedLine or Vidar. An example of how Tywd modifies filenames: it renames "1.jpg" to "1.jpg.tywd", "2.png" to "2.png.tywd", and so forth.

What kind of malware is Tycx?

During our analysis of malware samples recently submitted to VirusTotal, our team discovered a ransomware called Tycx. Further investigation revealed that Tycx belongs to the Djvu ransomware family, and it is programmed to encrypt files, append the ".tycx" extension to their filenames, and generate a ransom note in the form of a text file ("_readme.txt").

An example of how Tycx renames files: it changes "1.jpg" to "1.jpg.tycx", "2.png" to "2.png.tycx", etc. It is important to note that Tycx may be distributed alongside Vidar, RedLine, or other information stealers.

What kind of page is eutrack[.]work?

Our researchers found the eutrack[.]work rogue webpage while inspecting suspect websites. Ir operates by pushing browser notification spam and redirecting visitors to other (likely untrustworthy/harmful) sites. Most users enter pages like eutrack[.]work through redirects caused by websites that use rogue advertising networks.

What kind of page is tomp3[.]cc?

While investigating suspicious sites, our researchers found the tomp3[.]cc webpage. This is a YouTube converter/downloader, i.e., it allows users to convert the URLs of videos hosted on said platform into downloadable MP3 files. This service infringes copyright laws.

Furthermore, tomp3[.]cc is monetized using rogue advertising networks, which are known to promote untrustworthy and even malicious websites.

What is "Microsoft Lottery"?

After analyzing this email, our team has concluded that its intent is to deceive recipients into divulging personal information. Such emails are commonly known as phishing emails. The email in question alleges that the recipient has won a lottery, but all of the claims made in the email are false. Therefore, it is recommended to disregard it.

What kind of application is Lowdown?

During our examination of Lowdown, we found that this program displays annoying advertisements that can open untrustworthy websites. Therefore, we classified Lowdown as adware. In most cases, users download and install advertising-supported software without knowing that the installed software displays ads.

What kind of email is "Voice Message In Your Office365 Extension"?

Our inspection of the "Voice Message In Your Office365 Extension" email revealed that it is spam. This fake letter is presented as a notification from Microsoft regarding a voice message sent to the recipient. It must be stressed that this phishing email is in no way associated with Microsoft or any services provided by this corporation.