Virus and Spyware Removal Guides, uninstall instructions

What is Mimic ransomware?

Mimic is a ransomware-type program. Malware within this classification is designed to encrypt data and demand ransoms for decryption. Evidence suggests that Mimic is based on the leaked CONTI ransomware builder. Mimic campaigns have been observed targeting English and Russian speaking users.

After we executed a sample of Mimic on our testing system, it encrypted files and appended their filenames with a ".QUIETPLACE" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.QUIETPLACE", "2.png" as "2.png.QUIETPLACE", and so on.

Once this process was concluded, Mimic created identical ransom notes in a screen it displayed preceding the log-in screen and a text file titled "Decrypt_me.txt".

What is DODO ransomware?

DODO is the name of a malicious program that is classed as ransomware. This malware is designed to encrypt data and demand ransoms for the decryption tools.

Once we launched a sample of DODO on our test machine, it encrypted files and changed their filenames by appending them with a ".dodov2" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.dodov2", "2.png" as "2.png.dodov2", etc. Afterwards, this ransomware created a ransom note named "dodov2_readit.txt".

What kind of email is "Mailbox Full"?

We discovered two email variants belonging to the "Mailbox Full" spam campaign. These letters make false claims regarding the recipients' email accounts. This spam mail aims to trick them into visiting phishing websites that imitate legitimate email account sign-in pages.

What kind of application is Quick Pic Download?

Our examination of the Quick Pic Download browser extension revealed that it shows intrusive ads, leading us to classify it as adware. Adware is commonly promoted and distributed using misleading or questionable practices. We discovered the Quick Pic Download app on a shady website.

What kind of malware is LockBit Green?

LockBit Green is ransomware that encrypts the victim's data, appends a random extension to filenames of all encrypted files, and drops the "!!!-Restore-My-Files-!!!.txt" file containing a ransom note. It is known that LockBit Green is based on Conti ransomware.

An example of how LockBit Green renames files: it changes "1.jpg" to "1.jpg.7ec3rqvr", "2.doc" to "2.doc.7ec3rqvr", and so forth.

What kind of extension is Nautica?

While investigating suspicious websites, our researchers discovered the Nautica browser extension. This piece of rogue software operates as a browser hijacker – modifies browser settings, causes redirects, and spies on users' browsing activity.

What kind of page is addssupport[.]com?

Addssupport[.]com has been deemed untrustworthy site due to its use of a clickbait technique to trick visitors into subscribing to its notifications. Our team discovered addssupport[.]com while investigating websites that employ rogue advertising networks. It is important to note that most users come across these types of pages unintentionally.

What kind of email is "UPS Custom Permit"?

Our inspection of the "UPS Custom Permit" email revealed that it is spam. This letter is presented as a notification from UPS regarding the recipient's order. It must be emphasized that this email is fake, and it is not associated with the actual UPS company. This spam mail likely operates as a phishing scam.

What kind of malware is Auto?

While examining malware samples submitted to the VirusTotal website, we discovered a ransomware variant dubbed Auto. This ransomware is identical to Septwolves, Wanqu, Axxes, and many other ransomware variants. Auto encrypts files and two ransom notes ("RESTORE_FILES_INFO.hta" and "RESTORE_FILES_INFO.txt" files).

Also, Auto ransomware appends the ".auto" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.auto", "2.png" to "2.png.auto", and so forth.

What kind of scam is "Paid/Unpaid Invoice"?

After reviewing the email, we have determined that it is a phishing attempt by scammers seeking to obtain sensitive information. The email appears to be about an invoice, but it is actually an elaborate hoax, complete with a bogus HTML file attachment. Recipients should not engage with this email and treat it as spam.