Virus and Spyware Removal Guides, uninstall instructions

What kind of page is stormstone[.]top?

Stormstone[.]top is an untrustworthy website that uses a clickbait technique (shows a deceptive message) to lure visitors into agreeing to receive its notifications. Users open such pages unintentionally. Our team discovered stormstone[.]top while examining sites that use shady advertising networks.

What is Album Stealer?

Album Stealer is an information-stealing malware, which spreads under the guise of an album containing explicit photographs of women. This stealer targets browsing-related data and log-in credentials, particularly information related to Facebook accounts.

Album Stealer has been observed being distributed through Facebook, wherein victims are lured into downloading a photo album containing adult-oriented images of women.

What kind of malware is Buddyransome?

Buddyransome is ransomware that encrypts data and appends the ".buddyransome" extension to filenames. Also, it drops the "HOW_TO_RECOVERY_FILES.txt" text file (a ransom note). An example of how Buddyransome renames files: it changes "1.jpg" to "1.jpg.buddyransome", "2.png" to "2.png.buddyransome", and so forth.

What kind of page is nuothmen[.]com?

Our team has examined nuothmen[.]com and learned that it is an untrustworthy website that shows a deceptive message to trick visitors into allowing it to show notifications. Usually, users open sites like nuothmen[.]com inadvertently. We discovered nuothmen.com while inspecting pages that use shady advertising networks.

What is MrWhite ransomware?

While inspecting new submissions to VirusTotal, our researchers discovered the MrWhite malicious program. It belongs to a ransomware family called VoidCrypt.

After we launched a sample of MrWhite ransomware on our test system, it encrypted files and altered their names. Original filenames were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".MrWhite" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.[MJ-JV6391270548](imsystemsavior@gmail.com).MrWhite".

Once the encryption process was completed, MrWhite created a ransom note in a text file named "Dectryption-guide.txt".

What kind of application is Breaking News?

While examining the Breaking News browser extension, we found that it displays intrusive advertisements and can read and change certain data. Apps that show ads are known as advertising-supported applications. It is common for apps of this type to be promoted and distributed using deceptive methods.

What kind of page is fixgroupfactor[.]com?

Our researchers discovered the fixgroupfactor[.]com rogue page while investigating suspicious websites. This site is considered to be a device/user threat since it is designed to promote deceptive and malicious content, push spam browser notifications, and redirect visitors to other (likely unreliable/dangerous) webpages.

Users primarily access sites like fixgroupfactor[.]com through redirects caused by pages that employ rogue advertising networks.

What is Files Downloader Assist?

Our researchers discovered the Files Downloader Assist browser extension while checking out suspicious websites. According to the extension's "official" promotional webpage, this piece of software is a download management tool. However, our inspection of Files Downloader Assist revealed that is adware. This browser extension runs intrusive advertisement campaigns and collects browsing-related data.

What kind of page is advfandom[.]com?

Our researchers discovered the advfandom[.]com rogue page during a routine inspection of untrustworthy websites. This webpage is designed to push browser notification spam; at the time of research, it did so by using fake CAPTCHA verification. Additionally, this site can redirect visitors to other (likely dubious/malicious) webpages.

Users typically enter sites like advfandom[.]com via redirects caused by pages that use rogue advertising networks.

What kind of page is advatravel[.]com?

While investigating suspicious websites, our research team discovered the advatravel[.]com rogue page. It operates by pushing browser notification spam and redirecting users to other (likely unreliable/dangerous) sites.

Most visitors to advatravel[.]com and similar webpages enter them through redirects caused by sites that use rogue advertising networks.