Virus and Spyware Removal Guides, uninstall instructions

What kind of page is inghesatin[.]com?

Our team has investigated inghesatin[.]com and found that the purpose of this page is to lure visitors into agreeing to receive notifications. Inghesatin[.]com displays deceptive content to convince visitors to allow it to show notifications. Also, inghesatin[.]com redirects to similar websites.

What kind of page is ivids[.]ru?

During the examination of ivids[.]ru, we learned that this site uses a social engineering tactic to trick visitors into agreeing to receive notifications. Also, ivids[.]ru redirects visitors to other pages of this kind. Our team found ivids[.]ru while inspecting pages that use shady advertising networks.

What kind of malware is VenusStealer?

VenusStealer is information-stealing malware, a type of malicious software designed to gather sensitive information from computers. VenusStealer is written using the Python programming language. It targets browser data, Facebook data, and other personal information. Victims should remove VenusStealer as soon as possible.

What kind of malware is Beep?

Beep is a piece of malicious software. It is capable of stealing information and causing chain infections. At the time of writing, this malware appears to be still in development; however, it is highly evasive and employs multiple techniques to avoid detection and prevent analysis.

What kind of malware is APT14CHIR?

APT14CHIR is ransomware that our team discovered while examining samples submitted to the VirusTotal website. The purpose of APT14CHIR is to encrypt files. Additionally, it creates a ransom note ("PLEASE READ.txt" file) and renames files by replacing their filenames with a string of random characters and appending the ".APT14CHIR" extension.

An example of how APT14CHIR modifies filenames: it changes "1.jpg" to "45bHrwLR0CmRGayY.APT14CHIR", "2.doc" to "qoMCVBgi0Vm17mcu.APT14CHIR", and so forth.

What kind of malware is Konni?

Konni is the name of a Remote Access Trojan (RAT). Malware categorized as such is designed to enable remote access and control over infected machines. RATs tend to be incredibly versatile tools applicable in a variety of ways.

One campaign involving Konni has been noted as early as 2021, wherein this malware was used to target the Russian diplomatic sector with New Years themed malicious spam emails. Another campaign targeted organizations in Poland, Czech Republic, and other European countries. The general consensus of the cyber security community is that Konni is potentially linked to a North Korean threat actor.

What kind of page is getshowads[.]com?

While examining getshowads[.]com, we found that it is one of the websites designed to trick visitors into agreeing to receive notifications. These notifications can be annoying and intrusive and can even be used to deliver malicious content to unsuspecting users. Thus, getshowads[.]com should not be allowed to send notifications.

What kind of malware is GOLDBACKDOOR?

GOLDBACKDOOR is malware designed to infiltrate a victim's computer and steal sensitive information. The deployment process of GOLDBACKDOOR appears to be a multi-stage operation, likely intended to evade detection by antivirus or endpoint security systems. It is currently believed that the malicious campaign began in March 2022 and is still ongoing.

What is Baal (Chaos) ransomware?

While inspecting new submissions to VirusTotal, our researchers discovered the Baal malicious program that is based on the Chaos ransomware.

After we executed a sample of Baal (Chaos) ransomware on our test system, it encrypted files and modified their titles. Original filenames were appended with an extension consisting of four random characters, e.g., a file initially named "1.jpg" appeared as "1.jpg.vkwp", and so on.

Once the encryption process was completed, a ransom note – "read_it.txt" – was created, and the desktop wallpaper was changed.

What kind of malware is AnGrYTuRkEy?

AnGrYTuRkEy is ransomware that encrypts files, changes the desktop wallpaper, drops the "read_it.txt" file (a ransom note) and appends the ".AnGrYTuRkEy" extension to filenames. Our malware researchers discovered AnGrYTuRkEy while checking the VirusTotal site for recently submitted malware samples.

An example of how AnGrYTuRkEy modifies filenames: it changes "1.jpg" to "1.jpg.AnGrYTuRkEy", "2.doc" to "2.doc.AnGrYTuRkEy", etc. We also found that AnGrYTuRkEy is another variant of the TURKEY ransomware and it is based on Chaos ransomware.