Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is ZFX?

ZFX is ransomware - a type of malicious software that encrypts files. Our malware researchers discovered ZFX while checking the VirusTotal for recently submitted malware samples. In addition to encrypting data, ZFX modifies filenames, changes the desktop wallpaper, and drops the "+README-WARNING+.txt" file (a ransom note).

ZFX appends a string of random characters, cryptedData@tfwno.gf email address, and the ".ZFX" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.[2AF20FA3].[CryptedData@tfwno.gf].ZFX", "2.png" to "2.png.[2AF20FA3].[CryptedData@tfwno.gf].ZFX", and so forth. ZFX is part of the Makop ransomware family.

What is SearchIT New Tab?

While researching dubious websites, our researchers found a page endorsing a browser extension called SearchIT New Tab. After inspecting this piece of software, we determined that it is a browser hijacker. SearchIT New Tab alters browser settings to promote the searchresults.store fake search engine.

What kind of website is advaguru[.]com?

We examined advaguru[.]com and learned that it displays a misleading message to lure visitors into agreeing to receive notifications. Additionally, advaguru[.]com redirects to one or more similar pages. This website was discovered by our team during an inspection of sites that use rogue ad networks.

What kind of email is "Upgrade Zimbra Account"?

Our inspection of the "Upgrade Zimbra Account" email revealed that it is spam. The fake letter urges the recipient to update their Zimbra email account so as to prevent it from being shut down. This spam email promotes a phishing website disguised as the Zimbra sign-in page.

What kind of page is legivenestatery[.]com?

We have examined legivenestatery[.]com and learned that the purpose of this site is to lure visitors into agreeing to receive notifications. We discovered legivenestatery[.]com while inspecting pages that use shady advertising networks. Users do not visit pages legivenestatery[.]com on purpose.

What kind of page is topadvshop[.]com?

While reviewing topadvshop[.]com, we found that this page displays a deceptive message to trick visitors into agreeing to receive its notifications. Also, topadvshop[.]com redirects to other shady websites. Thus, topadvshop[.]com cannot be trusted (and it should not be allowed to show notifications).

What kind of scam is "Donation From Lottery Winner"?

After reviewing this email, we found that it was sent by scammers who aim to extort money and (or) information from recipients. It is disguised as a letter from someone who supposedly won a lottery and is willing to share the prize with others. Recipients should ignore this scam email.

What kind of malware is Assm?

Assm is ransomware that prevents victims from accessing data by encrypting it. Also, Assm renames files by appending its extension (".assm") to filenames and drops its ransom note ("_readme.txt"). Our team discovered Assm while examining malware samples submitted to VirusTotal.

Additionally, we found that Assm belongs to the Djvu ransomware family. It is known that threat actors often distribute these ransomware variants alongside information stealers like RedLine and Vidar. An example of how Assm renames files: it changes "1.jpg" to "1.jpg.assm", "2.png" to "2.png.assm", and so forth.

What kind of application is Media Control?

Our team has tested the Media Control application and found that it operates as adware - this app shows intrusive advertisements. It is uncommon for advertising-supported programs to be downloaded and installed knowingly. We discovered Media Control on a deceptive website.

What kind of page is increasedpcsecurity[.]site?

Increasedpcsecurity[.]site is a rogue webpage that our researchers discovered while inspecting suspicious sites. It is designed to promote scams and browser notification spam. Furthermore, this page can redirect users elsewhere (likely untrustworthy/malicious) websites.

Most users enter increasedpcsecurity[.]site and similar webpage through redirects caused by sites that use rogue advertising networks.