Virus and Spyware Removal Guides, uninstall instructions

What kind of page is allreqdusa[.]com?

Allreqdusa[.]com is a rogue page that our research team discovered while investigating suspicious websites. This webpage aims to deceive visitors into allowing it to display spam browser notifications. Additionally, allreqdusa[.]com can redirect users elsewhere (likely untrustworthy/malicious) sites.

Most visitors to such webpages enter them via redirects caused by websites using rogue advertising networks.

What kind of page is advdomenews[.]com?

Our researchers found the advdomenews[.]com rogue page while checking out untrustworthy websites. It operates by pushing browser notification spam and redirecting visitors to other (likely unreliable/malicious) sites. Most users access pages like advdomenews[.]com via redirects caused by websites that use rogue advertising networks.

What kind of page is astellihandl[.]xyz?

Our team examined astellihandl[.]xyz and found that it displays a deceptive message to trick visitors into agreeing to receive notifications. We also discovered that astellihandl[.]xyz redirects to another untrustworthy website. Thus, it is advisable not to trust astellihandl[.]xyz and pages opened through it.

What kind of malware is Sa58?

While examining malware samples submitted to VirusTotal, our team discovered ransomware dubbed Sa58. The purpose of this malware is to encrypt files. Additionally, Sa58 appends the ".sa58" extension to the filenames of all encrypted files and creates a ransom note (the "info.txt" file).

An example of how files encrypted by Sa58 ransomware are renamed: "1.jpg" is renamed to "1.jpg.sa58", "2.png" to "2.png.sa58", and so forth.

What kind of website is vipdatingtoday[.]top?

While analyzing vipdatingtoday[.]top, we learned that it uses a clickbait technique to lure visitors into allowing it to show notifications. Also, it redirects to other shady pages. Thus, vipdatingtoday[.]top is not a trustworthy website. We discovered it while inspecting other sites of this kind.

What kind of page is news-lihuve[.]com?

News-lihuve[.]com is a rogue webpage that we discovered while inspecting dubious websites. This page promotes spam browser notifications and redirects visitors to other (likely untrustworthy/dangerous) sites.

Users typically access news-lihuve[.]com and webpages akin to it – via redirects caused by websites using rogue advertising networks.

What is Worldwide Clock Extension?

While investigating suspicious websites, our research team discovered the Worldwide Clock Extension. This browser extension promises the functionality of displaying clocks from user-chosen timezones on the browser's homepage.

After inspecting Worldwide Clock Extension, we determined that it is a browser hijacker promoting the search.worldwideclockextension.com fake search engine.

What kind of page is advzen[.]com?

Our research team discovered the advzen[.]com rogue webpage while checking out questionable sites. It is designed to promote browser notification spam and redirect visitors to different (likely untrustworthy/dangerous) websites. Most users access pages like advzen[.]com via redirects caused by sites that use rogue advertising networks.

What is FilesEncrypted (MedusaLocker) ransomware?

While investigating new submissions to VirusTotal, our researchers discovered the FilesEncrypted ransomware-type program. It belongs to the MedusaLocker ransomware family.

Once we launched a sample of FilesEncrypted (MedusaLocker) ransomware on our test machine, it began encrypting files. The filenames of affected files were appended with a ".filesencrypted" extension, e.g., a file titled "1.jpg" appeared as "1.jpg.filesencrypted", "2.png" as "2.png.filesencrypted", etc.

Afterwards, a ransom-demanding message named "how_to_back_files.html" was dropped onto the desktop. This note makes it clear that this ransomware targets companies rather than home users.

What kind of page is erpringash[.]xyz?

Erpringash[.]xyz is a rogue page that we found during a routine inspection of dubious websites. This webpage promotes spam browser notifications and redirects visitors to other (likely untrustworthy/malicious) sites. Users typically enter pages like erpringash[.]xyz via redirects caused by websites using rogue advertising networks.