Virus and Spyware Removal Guides, uninstall instructions
![M2RAT Malware](/images/thumbnails/th-26082-m2rat-malware.jpg)
What kind of malware is M2RAT?
M2RAT is a backdoor malware that operates as a remote access trojan (RAT), performing functions such as keylogging, data theft, command execution, and taking screenshots. The malware uses shared memory sections for commands and data exfiltration, leaving few traces on the infected device.
![goatRat Malware (Android)](/images/thumbnails/th-26081-goatrat-malware-android.jpg)
What kind of malware is goatRat?
goatRat is the name of a remote access trojan (RAT) - a malicious app that allows attackers to take control of an Android device. Malware of this type can provide attackers with access to sensitive information like messages, call logs, and photos, as well as the ability to execute commands, take screenshots, record audio and video, etc.
![Softlifeinfo.com Ads](/images/thumbnails/th-26080-softlifeinfo-com-ads.jpg)
What kind of page is softlifeinfo[.]com?
Our researchers discovered the softlifeinfo[.]com rogue webpage during a routine inspection of dubious sites. This page promotes untrustworthy/harmful software and browser notification spam. Additionally, it can redirect visitors to different (likely unreliable/hazardous) websites.
Users typically access pages like softlifeinfo[.]com through redirects caused by sites that employ rogue advertising networks.
![Zteqqd Ransomware](/images/thumbnails/th-26079-zteqqd-ransomware.jpg)
What is Zteqqd ransomware?
Zteqqd is a ransomware-type program that our researchers discovered while inspecting new submissions to VirusTotal. On our testing machine, this ransomware encrypted files and altered their filenames.
The titles of affected files were appended with a unique ID assigned to the victim and a ".zteqqd" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.[ID-9ECFA84E].zteqqd", and so forth. After the encryption process was completed, this ransomware dropped a ransom note – "RESTORE_FILES_INFO.txt" – onto the desktop.
![SharedFormat Adware (Mac)](/images/thumbnails/th-26078-sharedformat-adware-mac.jpg)
What is SharedFormat?
While inspecting new submissions to VirusTotal, our research team discovered the SharedFormat application. After examining this piece of software, we determined that it is adware belonging to the AdLoad malware family. This app is designed to display advertisements, and it may have additional harmful functionalities.
![Foylosd.xyz Ads](/images/thumbnails/th-26077-foylosd-xyz-ads.jpg)
What kind of page is foylosd[.]xyz?
Our team has examined securityguardplus[.]site and found that this page uses deceptive marketing to promote legitimate antivirus software. It shows deceptive messages to trick visitors into believing that their computers might be infected. We determined that securityguardplus[.]site runs the "You've visited illegal infected website" scam.
![Stealc Stealer](/images/thumbnails/th-26076-stealc-stealer.jpg)
What is Stealc?
Stealc is the name of an information-stealing malware. It targets a wide variety of data associated with browsers, messaging software, cryptocurrency wallets, and other apps/extensions.
According to Stealc's developers, it was created by relying on Vidar, Raccoon, Mars, and RedLine stealers. Naturally, this malicious program shares similarities with the aforementioned malware. At the time of writing, Stealc is in active development – with the developers releasing new variants on a nearly weekly basis.
![MEDUSA Ransomware](/images/thumbnails/th-26074-medusa-ransomware.jpg)
What kind of malware is MEDUSA?
MEDUSA is ransomware that encrypts data, appends the ".MEDUSA" extension to filenames, and drops the "!!!READ_ME_MEDUSA!!!.txt" file, which contains a ransom note. Our team discovered MEDUSA while examining samples submitted to VirusTotal.
An example of how MEDUSA modifies filenames: it renames "1.jpg" to "1.jpg.MEDUSA", "2.png" to "2.png.MEDUSA", and so forth.
![Search-good.com Redirect](/images/thumbnails/th-26075-search-good-com-redirect.jpg)
What is search-good.com?
While investigating rogue installation setups, we found one promoting the search-good.com illegitimate search engine. Websites of this kind are typically endorsed (through redirects) by browser-hijacking software. During our analysis, we discovered search-good.com being promoted by a browser hijacker called Apps. However, other malicious extensions can cause redirects to this fake search engine as well.
![Jron Ransomware](/images/thumbnails/th-26073-jron-ransomware.jpg)
What kind of malware is Jron?
During our analysis of malware samples submitted to the VirusTotal page, we came across a ransomware strain dubbed Jron. Upon further investigation, we determined that Jron belongs to the Dharma ransomware family. Jron encrypts data, alters file names, presents a pop-up window, and generates a text file ("info.txt") containing ransom demands.
Jron appends the victim's ID, jerd@420blaze.it email address, and the ".jron" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.id-9ECFA84E.[jerd@420blaze.it].jron", "2.png" to "2.png.id-9ECFA84E.[jerd@420blaze.it].jron", and so forth.