Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Spider?

Our researchers found the Spider ransomware during a routine inspection of new file submissions to the VirusTotal site. This program is part of the MedusaLocker ransomware family. Spider is designed to encrypt data and demand ransoms for its decryption; this malware utilizes double-extortion tactics to push victims into paying.

On our testing system, a sample of Spider encrypted files and added a ".spider1" extension to their filenames. To elaborate, a file initially titled "1.jpg" appeared as "1.jpg".spider1", "2.png" as "2.png.spider1", etc. It is noteworthy that the number in the extension may differ depending on the ransomware's variant.

Afterward, Spider created a ransom note titled "How_to_back_files.html". Based on the message therein, it is evident that the ransomware targets large entities rather than home users.

What kind of page is bealanews[.]com?

During our inspection of bealanews[.]com, we learned that this website is designed to lure visitors into agreeing to receive its notifications. To achieve this, bealanews[.]com utilizes clickbait. Users should never permit sites like bealanews[.]com to send notifications and avoid visiting them.

What kind of malware is Root?

During our analysis of malware samples uploaded to VirusTotal, we discovered Root, a ransomware variant belonging to the MedusaLocker family. We found that Root encrypts and renames files, and provides a ransom note ("How_to_back_files.html"). It appends the ".root4" extension to filenames (the number in its extension can vary).

For example, Root renames "1.jpg" to "1.jpg.root4", "2.png" to "2.png.root4", and so forth.

What kind of page is aroidsguide[.]com?

After reviewing aroidsguide[.]com, our team determined that it is not a reliable website designed to obtain permission from visitors to send notifications through a technique known as clickbait. If allowed, aroidsguide[.]com can send misleading notifications. Therefore, users should not agree to receive them from aroidsguide[.]com (and similar sites).

What kind of page is aroidssolutions[.]com?

Upon inspecting aroidssolutions[.]com, our team concluded that it is not a trustworthy website. The site uses deception to receive permission from visitors to send them notifications. Also, once allowed, aroidssolutions[.]com can deliver misleading notifications. Thus, users should avoid opening aroidssolutions[.]com.

What kind of page is adrgyouweb[.]com?

While investigating dubious websites, our researchers discovered the adrgyouweb[.]com rogue page. Upon inspection, we determined that it promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites.

Most visitors to adrgyouweb[.]com and webpages akin to it access them via redirects caused by websites that utilize rogue advertising networks.

What kind of page is boot-upprogressiveextremelythe-file[.]top?

Boot-upprogressiveextremelythe-file[.]top is the address of a rogue page discovered by our researchers during a routine inspection of suspect websites. This webpage promotes spam browser notifications and redirects visitors to different (likely dubious/malicious) sites.

The majority of users access boot-upprogressiveextremelythe-file[.]top and similar pages via redirects generated by websites utilizing rogue advertising networks.

What kind of page is allsidestv[.]com?

Our research team discovered allsidestv[.]com while investigating dubious websites. After examining this rogue page, we determined that it promotes browser notification spam and redirects users to different (likely untrustworthy or dangerous) sites.

The majority of visitors to allsidestv[.]com and similar webpages enter them via redirects generated by websites that employ rogue advertising networks.

What kind of malware is Amnesia?

Amnesia is the name of a malicious program. There are two variants of this malware – for Windows and Android operating systems. The program aims to extract various types of sensitive data from infected machines – thus, it is classed as a stealer.

However, Amnesia also exhibits RAT (Remote Access Trojan) capabilities by allowing attackers to control victims' devices directly. Additionally, the program functions as a keylogger, cryptominer, and clipper.

What kind of page is andespeaks[.]top?

Our team has analyzed andespeaks[.]top and learned that its purpose is to obtain permission to send notifications to users. This website employs a deceptive technique to trick users into granting it this permission. Thus, users should avoid visiting andespeaks[.]top and similar web pages.