Virus and Spyware Removal Guides, uninstall instructions
![Bpto Ransomware](/images/thumbnails/th-25659-bpto-ransomware.jpg)
What kind of malware is Bpto?
Bpto is a ransomware variant belonging to the Djvu family. We discovered Bpto while examining malware samples submitted to the VirusTotal page. Bpto encrypts data, appends its extension (".bpto") to filenames, and drops its ransom note (the "_readme.txt" file).
An example of how Bpto modifies filenames: it renames "1.jpg" to "1.jpg.bpto", "2.png" to "2.png.bpto", and so forth. Since Bpto is part of the Djvu family, it could be distributed alongside RedLine, Vidar, and other information stealers.
![Bpws Ransomware](/images/thumbnails/th-25649-bpws-ransomware.jpg)
What kind of malware is Bpws?
While inspecting malware samples submitted to VirusTotal, we discovered a Djvu ransomware variant dubbed Bpws. This variant encrypts files and appends the ".bpws" extension to filenames. Also, Bpws drops its ransom note (the "_readme.txt" file).
Since Bpws is part of the Djvu ransomware, it may be distributed alongside RedLine, Vidar, or other information-stealing malware. An example of how Bpws modifies filenames: it renames "1.jpg" to "1.jpg.bpws", "2.png" to "2.png.bpws", and so forth.
![Dozefive.xyz Ads](/images/thumbnails/th-25658-dozefive-xyz-ads.jpg)
What kind of page is dozefive[.]xyz?
While investigating suspicious webpages, our researchers found dozefive[.]xyz. This rogue page is designed to promote scams and browser notification spam. Furthermore, it can redirect users to different (likely unreliable/hazardous) websites.
Most visitors to dozefive[.]xyz and similar webpages reach them via redirects caused by sites using rogue advertising networks.
![Sticky Notes Browser Hijacker](/images/thumbnails/th-25656-sticky-notes-browser-hijacker.jpg)
What kind of application is Sticky Notes?
While testing the Sticky Notes application, we found that it is an extension that functions as a browser hijacker. It hijacks a web browser by changing its settings to promote finddbest.com - a fake search engine. It is uncommon for apps of this type to be added to browsers intentionally. Our team discovered Sticky Notes on a deceptive page.
![United Nations - Abandoned Shipment Email Scam](/images/thumbnails/th-25657-united-nations-abandoned-shipment-email-scam.jpg)
What kind of email is "United Nations - Abandoned Shipment"?
After inspecting the "United Nations - Abandoned Shipment" email, we determined that it is spam. The letter is supposedly from a "Head Officer in Charge" and claims that a consignment intended for the recipient failed to reach them due to improper documentation and unpaid fees. The shipment consists of two trunks filled with cash, which the recipient can still claim if they verify their identity and pay what is due.
It must be emphasized that all the information provided by this email is false and intended to trick recipients into disclosing private data and transferring money to the scammers.
![Next Of Kin Email Scam](/images/thumbnails/th-25654-next-of-kin-email-scam.jpg)
What kind of scam is "Next Of Kin"?
We have examined this email and determined that it is used to trick unsuspecting recipients into parting with their money in an inheritance scam. It offers to share the unclaimed funds of a supposedly deceased person. We also found that there are at least two versions of this scam email.
![CatB Ransomware](/images/thumbnails/th-25653-catb-ransomware.jpg)
What is CatB ransomware?
CatB is a ransomware-type program. It encrypts data and demands payment for the decryption. While testing this ransomware, we learned that it does not alter the filenames of encrypted files - an uncommon occurrence in these types of infections.
CatB inserts ransom notes at the beginning of each encrypted file. Hence, the message appears when an encrypted file is opened. Additionally, it is clear from the notes that CatB ransomware targets companies rather than home users.
![Pupy RAT](/images/thumbnails/th-25652-pupy-rat.jpg)
What kind of malware is Pupy?
Pupy is the name of an open-source Remote Administration Trojan (RAT) written in Python. Malware of this type is used to gain remote control of a target computer. Threat actors have been observed using a legitimate process that reports errors in Windows (and Windows applications) to distribute Pupy.
![Cyclops Ransomware](/images/thumbnails/th-25651-cyclops-ransomware.jpg)
What is Cyclops ransomware?
Cyclops is the name of a malicious program classified as ransomware. This malware is designed to encrypt data and demand ransoms for its decryption.
After being launched on our test system, Cyclops ransomware began encrypting files. Typically, the affected files are renamed (often by being appended with a specific extension); however, that is not the case with Cyclops infections. Once the encryption process was concluded, this ransomware first displayed a pop-up followed by a Command Prompt (cmd.exe/cmd) window. The latter contained the ransom note.
![MintStealer Malware](/images/thumbnails/th-25650-mintstealer-malware.jpg)
What kind of malware is MintStealer?
MintStealer (also known as Mint Stealer) is an information stealer targeting web browsers, messengers, mail clients, VPN clients, game sessions, and more. It is used to extract sensitive data. MintStealer is being sold as Malware-as-a-service (MaaS). Other cybercriminals can purchase MintStealer for $8 per week, $30 per month, and $75 for three months.