Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Dazx?

Our team found Dazx, a member of the Djvu ransomware family, during a review of malware samples submitted to VirusTotal. The primary objective of Dazx is to encrypt files. Also, this ransomware modifies filenames by adding the ".dazx" extension to filenames and creates a ransom note named "_readme.txt".

For example, Dazx renames "1.jpg" to "1.jpg.dazx" and "2.doc" to "2.doc.dazx". Sometimes, cybercriminals use malware such as RedLine and Vidar to steal sensitive data before employing Djvu ransomware to encrypt the files.

What kind of page is euprotection[.]click?

Our researchers found the euprotection[.]click rogue page while inspecting dubious websites. It is designed to promote scams and spam browser notifications. Furthermore, this webpage can redirect visitors to other (likely untrustworthy/hazardous) sites. Most users can enter such pages via redirects caused by websites using rogue advertising networks.

What is Merlin ransomware?

Our researchers discovered the Merlin ransomware during a routine investigation of new submissions to VirusTotal. After we executed a sample of this malware on our test system, it encrypted files and appended their filenames with a ".Merlin" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.Merlin", "2.png" as "2.png.Merlin", and so forth.

Once the encryption process was finished, a ransom note named "Merlin_Recover.txt" was created. Based on the message therein, it is evident that Merlin ransomware targets companies rather than home users.

What is COVID Dashboard?

While inspecting deceptive websites, our researchers discovered the COVID Dashboard, full title – COVID dashboard at Johns Hopkins University – browser extension. It is promoted as a tool for easy access to information concerning the COVID-19 pandemic.

After investigating this extension, we determined that it operates as a browser hijacker. This piece of software modifies browser settings to promote fake search engines. Additionally, COVID Dashboard spies on users' browsing activity.

What is nowsearchit.com?

We have tested nowsearchit.com and found that it is a questionable search engine that may generate unreliable results. Search engines of this kind are promoted mainly via browser hijackers. Typically, users install/add apps of this type without knowing that these apps will change the settings of their web browsers.

What is Usr ransomware?

Our research team found the Usr ransomware while investigating new submissions to VirusTotal. This malicious program is part of the Phobos ransomware family.

Once we executed a sample of Usr on our test machine, it began encrypting files. The filenames of the affected files were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".usr" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.id[9ECFA84E-3449].[username@worker.com].usr".

After the encryption process was created, ransom notes were created in a pop-up window ("info.hta") and text file ("info.txt").

What is PixelSee?

While inspecting rogue websites, our research team found a page promoting the PixelSee application. It is endorsed as a free media player.

However, due to the app's dubious promotion and potentially unmentioned undesirable functionalities, it is classed as a PUA (Potentially Unwanted Application). It is likely that this piece of software tracks user data, and it may have other harmful abilities. Additionally, freeware and PUAs are often bundled with unwanted/hazardous software.

 What is a cryptocurrency clipper?

A cryptocurrency clipper is a harmful software that can obtain and alter the information stored in the clipboard. ESET has reported numerous fraudulent Telegram and WhatsApp websites which aim to deceive Android (and Windows) users by offering fake (malicious) versions of these messaging applications.

What kind of software is "Bottle"?

While investigating suspicious websites, our researchers discovered an installer (commonly detected as Valyria) that contained the Bottle browser hijacker. Unlike most software within this classification, it does not modify browser settings to promote its fake search engine – oldforeyes.com.

What kind of app is Tabs Organizer for Chrome?

After downloading and adding the Tabs Organizer for Chrome extension to our browser, we found that this app displays annoying advertisements. Due to this behavior, we classified Tabs Organizer for Chrome as adware. In most cases, users install/add adware without realizing it.