Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Vvoo?

In our analysis of Vvoo, we found that it is a ransomware variant from the Djvu family. Vvoo encrypts data, appends the ".vvoo" extension to the filenames of the encrypted files, and creates a ransom note (the "_readme.txt" file). Our team came across Vvoo while reviewing samples submitted to VirusTotal.

An example of how vvoo renames files: "1.jpg" to "1.jpg.vvoo", "2.png" to "2.png.vvoo", etc. It is worth noting that Vvoo may also be distributed with information stealers like RedLine or Vidar.

What kind of email is "Social Security Account Missing Information"?

After investigating the "Social Security Account Missing Information" spam email, we determined that it operates as a phishing scam. Allegedly, this letter regards the recipient's social security documentation, which is in an attachment.

The attached file is "encrypted" and requires the user to log in with their email account to access it. The log-in credentials entered into the file are recorded and sent to the scammers behind the "Social Security Account Missing Information" spam campaign.

What kind of email is "Norton360 Total Protection Subscription Charge"?

After we inspected the "Norton360 Total Protection Subscription Charge" email, we determined that it is spam. This letter is presented as a notification regarding the purchase of the Norton 360 anti-virus. The goal of this mail is to trick recipients into calling the provided telephone number and lure them into a scam.

It must be emphasized that this spam email is fake, and it is in no way associated with Norton. Therefore, this letter must be ignored and reported as spam.

What kind of page is 10downloader[.]com?

During a routine inspection of questionable websites, our researchers discovered the 10downloader[.]com webpage. This site is designed to allow users to convert YouTube video links into downloadable files. It must be mentioned that YouTube converter websites break copyright laws.

What is more, 10downloader[.]com uses rogue advertising networks that promote untrustworthy, deceptive, and malicious content. Hence, visitors to such pages are likely to access dubious/dangerous sites inadvertently. Additionally, 10downloader[.]com pushes browser notification spam.

What kind of application is Art Tab?

Our analysis of the Art Tab application has revealed that it is a browser extension that has been created to hijack web browsers. The app forcibly pushes a fake search engine (srchinart.com) by altering the settings of the browser. Additionally, Art Tab has the ability to read certain data.

What is thebestwefind.com?

While inspecting browser hijackers, our researchers found the thebestwefind.com fake search engine. Sites of this kind are typically promoted by browser-hijacking software. It makes alterations to browsers in order to cause redirects to illegitimate search engines. Furthermore, websites like thebestwefind.com usually collect information about their visitors.

What kind of malware is PYAS?

PYAS is ransomware - malicious software that encrypts victims' files, making them inaccessible. In addition to encrypting files, PYAS appends the ".PYAS" extension to filenames and drops the "README.txt" file that contains a ransom note.

An example of how PYAS renames files: it changes "1.jpg" to "1.jpg.PYAS", "2.doc" to "2.doc.PYAS", and so forth.

What kind of malware is Vvmm?

While analyzing Vvmm, we found that it is one of the ransomware variants belonging to the Djvu family. Vvmm encrypts data, appends the ".vvmm" extension to filenames of the encrypted files, and creates a ransom note ("_readme.txt" file). Our team discovered Vvmm while inspecting samples submitted to the VirusTotal page.

An example of how Vvmm renames files: it changes "1.jpg" to "1.jpg.vvmm", "2.png" to "2.png.vvmm", and so forth. It is important to mention that Vvmm may be distributed alongside RedLine, Vidar, or other information stealers.

What kind of page is wholehypewords[.]com?

We have analyzed wholehypewords[.]com and found that the purpose of this page is to lure visitors into agreeing to receive notifications from it. In addition to asking for permission to show dubious notifications, wholehypewords[.]com may redirect visitors to other untrustworthy websites. Thus, wholehypewords[.]com should not be trusted.

What kind of page is wersi[.]club?

Upon examining wersi[.]club, we concluded that it is a shady website with the aim of deceiving visitors into granting it permission to send notifications. Additionally, the website may redirect visitors to other questionable sites. We encountered wersi[.]club during an analysis of sites that use rogue advertising networks.