Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is ExilenceTG?

During an examination of malware samples submitted to VirusTotal, we discovered a new Key Group ransomware variant dubbed ExilenceTG. We found that ExilenceTG encrypts files, appends the ".exilenceTG" extension to filenames, and creates a text file ("cyber.txt").

An example of how ExilenceTG renames files: it changes "1.jpg" to "1.jpg.exilenceTG", "2.png" to "2.png.exilenceTG", and so forth.

What kind of application is Player?

During a routine inspection of deceptive websites, our researchers discovered an installer containing the "Player" app. Our investigation revealed that this piece of software operates as adware. In other words, Player runs intrusive advertisement campaigns and may have other harmful functionalities.

What kind of page is rankcaptcha[.]top?

Rankcaptcha[.]top is a site crafted to deceive visitors into accepting its notifications and potentially divert them to other comparable pages. It is uncommon for such pages to be opened intentionally by users. Our team came across rankcaptcha[.]top during an examination of pages utilizing fraudulent advertising networks.

What is DeathRansom (Chaos) ransomware?

Our research team discovered the DeathRansom ransomware-type program during a routine inspection of new submissions to VirusTotal. This malicious program is part of the Chaos ransomware family.

Once we executed a sample of DeathRansom (Chaos) ransomware on our test machine, it encrypted files and appended their filenames with an extension compromising four random characters. For example, a file initially titled "1.jpg" appeared as "1.jpg.888e", "2.png" as "2.png.tv52", etc.

Afterwards, a ransom-demanding message named "read_it.txt" was created, and the desktop wallpaper was changed.

What kind of page is greatcaptchahere[.]top?

Greatcaptchahere[.]top is one of the pages that display deceptive content to lure visitors into allowing them to show notifications. We discovered greatcaptchahere[.]top while inspecting sites that use rogue advertising networks. Users do not open pages like greatcaptchahere[.]top on purpose.

What kind of page is undescoidecimy[.]com?

During our analysis of undescoidecimy[.]com, we discovered that it employs a clickbait technique to entice visitors into allowing it to display notifications. Furthermore, it may redirect to other untrustworthy websites. Consequently, undescoidecimy[.]com is not a reliable website. We came across it while examining other websites of a similar nature.

What kind of page is toppillarrect[.]com?

During our evaluation of toppillarrect[.]com, we observed that the website displays a deceitful message to persuade its visitors to consent to receive notifications. Additionally, toppillarrect[.]com may redirect users to other dubious websites. Therefore, toppillarrect[.]com is unreliable and should not be authorized to send notifications.

What kind of malware is Darj?

Our malware experts came across Darj while analyzing malware samples submitted to VirusTotal. Darj is ransomware that is part of the Djvu family. Its modus operandi is to encrypt data and affix the ".darj" extension to the filenames and produce a ransom note (the "_readme.txt" file).

An example of how Darj modifies filenames: it changes "1.jpg" to "1.jpg.darj", "2.png" to "2.png.darj", etc. It is possible that cybercriminals may be disseminating Darj together with information stealers such as RedLine or Vidar.

What kind of page is updaterlife[.]com?

Updaterlife[.]com is a rogue page that we discovered while investigating suspicious websites. It promotes browser notification spam and redirects visitors to different (likely untrustworthy/dangerous) sites.

Users primarily access webpages like updaterlife[.]com via redirects caused by sites using rogue advertising networks, mistyped URLs, spam notifications, intrusive ads, or installed adware.

What is Ads Blocker Pro?

Our research team discovered the Ads Blocker Pro browser extension while investigating rogue webpages. This extension is promoted as an adblocker – a tool that removes advertisements. However, our analysis revealed that Ads Blocker Pro operates as adware. Hence, instead of blocking adverts – it displays them.