Virus and Spyware Removal Guides, uninstall instructions

What is Acessd ransomware?

Our research team found the Acessd ransomware-type program during a routine inspection of new submissions to VirusTotal. This program is part of the MedusaLocker ransomware family, and it is designed to encrypt data and demands ransoms for the decryption.

Once we executed a sample of Acessd on our test system, it began encrypting files and altered their names. Original filenames were appended with a ".acessd" extension, e.g., a file titled "1.jpg" appeared as "1.jpg.acessd", "2.png" as "2.png.acessd", etc. Afterwards, the ransomware created a ransom note named "How_to_back_files.html".

What is Soul?

Soul is the name of the malware framework. Cybercriminals behind it use a downloader that executes a loader dubbed SoulSearcher. This loader is accountable for the decryption, downloading, and loading of other modules of the Soul modular backdoor into memory. The usage of the Soul framework has been traced back to a minimum of 2017.

What is control-search.xyz?

Our tests of control-search.xyz revealed it to be a fake search engine that does not produce its own search results. It is important to note that these types of search engines are often promoted through browser-hijacking applications, and users often unintentionally add them to their browsers.

What kind of search engine is searchitonlinehome.com?

While testing searchitonlinehome.com, we found that it shows ads and may display questionable results. Thus, it is not a completely reliable search engine. It is common for dubious search engines to be promoted via browser hijackers. Apps of this type change web browser settings to force users to use shady search engines or other addresses.

What kind of page is usprotection[.]click?

Usprotection[.]click is a dubious website that presents deceitful content and prompts users to subscribe to notifications. Our team found usprotection[.]click during an investigation of websites that employ rogue advertising networks. It is not a website that users typically visit deliberately.

What is Mamai ransomware?

Mamai is the name of a ransomware-type program. It is part of the MedusaLocker ransomware family. Once we executed a sample of Mamai on our test machine, it began encrypting files and appended their filenames with a ".mamai10" extension.

Original filename like "1.jpg" appeared as "1.jpg.mamai10", "2.png" as "2.png.mamai10", etc. It is pertinent to mention that the number in the extension may vary depending on the ransomware's variant.

After the encryption process was finished, this ransomware created a ransom-demanding message – "How_to_back_files.html" – and dropped it onto the desktop. Based on the note therein, it is evident that Mamai targets companies rather than home users.

What is Zxc ransomware?

While investigating new malware submissions to VirusTotal, our researchers discovered the Zxc ransomware-type program. This malicious program belongs to the VoidCrypt ransomware family.

After we executed a sample of Zxc on our test machine, it encrypted files and modified their filenames. Original titles were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".zxc" extension. For example, a file named "1.jpg" appeared as "1.jpg.(MJ-KO1579824036)(hionly@tutanota.com).zxc".

Once the encryption process was finished, this ransomware created identical ransom notes in a pop-up window ("Decryption-Guide.HTA") and text file ("Decryption-Guide.txt").

What kind of email is "Webmail Security Changes"?

"Webmail Security Changes" was revealed to be a spam email by our inspection. This letter is presented as a notification from the recipient's mail service provider regarding unauthorized changes to the email account. This phishing letter targets recipients' log-in credentials in order to steal their email accounts.

What is Infinity Search?

While investigating suspicious websites, our researchers discovered the Infinity Search browser extension. After installing this piece of software on our test machine, we learned that it operates as a browser hijacker. Infinity Search modifies browsers to promote the search.infinity-searches.com fake search engine.

What kind of malware is SYS01?

The purpose of SYS01 is to steal sensitive information, such as login credentials, cookies, and data related to Facebook ad and business accounts. Cybercriminals behind SYS01 have been observed targeting employees in government infrastructure, manufacturing companies, and various other industries.