Virus and Spyware Removal Guides, uninstall instructions

What kind of page is webaddictremind[.]xyz?

Webaddictremind[.]xyz is the address of a rogue website designed to run scams, promote spam browser notifications, and redirect visitors to other (likely unreliable/dangerous) pages.

Our researchers discovered the webaddictremind[.]xyz webpage while inspecting sites that use rogue advertising networks. In fact, most users access such webpages via redirects caused by websites that use such advertising networks.

What is Download Checker?

While investigating deceptive websites, our researchers discovered the Download Checker browser extension. It is promoted as a tool for testing Internet speed. However, our analysis of Download Checker revealed that it operates as advertising-supported software (adware) instead.

What is Worlddecoding ransomware?

During a routine inspection of new submissions to VirusTotal, we discovered the Worlddecoding malicious program that is practically identical to World2022decoding ransomware.

After we executed a sample of Worlddecoding ransomware on our testing system, it encrypted files and appended their titles with a ".worlddecoding" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.worlddecoding", "2.png" as "2.png.worlddecoding", and so on.

Following the completion of the encryption process, this ransomware created a ransom note titled "WE CAN RECOVER YOUR DATA.MHT".

What kind of application is Duplicatefinder?

While analyzing the Duplicatefinder application, our team found that it displays annoying advertisements. Apps that bombard users with ads are classified as adware. We discovered Duplicatefinder while examining a download assistant downloaded from a shady website.

What is EazyBit?

While checking out new submissions to VirusTotal, our research team discovered the EazyBit rogue application. After inspecting it, we determined that this piece of software operates as adware. We also learned that EazyBit is part of the AdLoad malware family.

What kind of malware is Rhadamanthys?

Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.

At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.

What kind of application is OneBlock?

While testing the OneBlock application, our team noticed that it displays annoying advertisements. Thus, we classified OneBlock as adware (advertising-supported software). It is common for adware to be promoted and distributed using deceptive methods. We discovered OneBlock while analyzing a page running the "Your System Is Seriously Damaged" scam.

What is "Your System Is Seriously Damaged"?

It is a fake pop-up message (a fake virus warning) displayed by a deceptive website. After examining this page, our team concluded that it uses a scare tactic to trick visitors into downloading and adding extensions to browsers (or installing untrustworthy applications on computers). We discovered this scam page while inspecting other pages of this kind.

What is District ransomware?

While checking out new submissions to VirusTotal, our researchers discovered the District ransomware. This type of malware is designed to encrypt data and demand payment for decryption.

On our test machine, District encrypted files and changed their filenames by appending them with the cyber criminals' email address and a ".district" extension. For example, a file titled "1.jpg" appeared as "1.jpg.altdelete@cock.li.district" after encryption.

Once this process was completed, the ransomware displayed a screen overlay and created a text note "READ_IT.district", both containing identical ransom notes.

What is gosearches.gg?

We have inspected gosearches.gg and found that it is a fake search engine promoted via browser hijackers. Our team has also noticed that gosearches.gg is often the final destination URL in redirect chains (e.g., gosearches.gg gets opened via searchesmia.com). It is highly advisable not to trust gosearches.gg or apps promoting it.