Virus and Spyware Removal Guides, uninstall instructions
![Hvzgbo Ransomware](/images/thumbnails/th-25596-hvzgbo-ransomware.jpg)
What kind of malware is Hvzgbo?
Hvzgbo is ransomware belonging to the Snatch family. It encrypts files, appends the ".hvzgbo" extension to filenames of all encrypted files, and drops the "HOW TO RESTORE YOUR FILES.TXT" file (a ransom note). Our malware researchers discovered Hvzgbo ransomware while examining samples submitted to the VirusTotal site.
An example of how Hvzgbo modifies filenames: it renames "1.jpg" to "1.jpg.hvzgbo", "2.png" to "2.png.hvzgbo", and so forth.
![Genuinescansupport.com Ads](/images/thumbnails/th-25595-genuinescansupport-com-ads.jpg)
What kind of page is genuinescansupport[.]com?
While analyzing genuinescansupport[.]com, we learned that it uses deceptive marketing (displays fake messages) to promote legitimate software. Also, genuinescansupport[.]com wants to show notifications. Shady pages should never be allowed to show notifications. We discovered genuinescansupport[.]com while inspecting sites that use rogue advertising networks.
![FateGrab Stealer](/images/thumbnails/th-25591-fategrab-stealer.jpg)
What kind of malware is FateGrab?
FateGrab is the name of an information-stealing malware distributed along with another stealer called StealDeal. Threat actors deliver these malicious programs via email (they use a compromised email address for malware distribution) and messengers. Both FateGrab and StealDeal should be removed from compromised computers immediately.
![HARDBIT 2.0 Ransomware](/images/thumbnails/th-25594-hardbit-2-0-ransomware.jpg)
What kind of malware is HARDBIT 2.0?
HARDBIT 2.0 is a new version of the HARDBIT ransomware. We discovered this version while inspecting malware samples submitted to VirusTotal. HARDBIT 2.0 encrypts data, appends a string of random characters, the victim's ID, email address, and the ".hardbit2" extension to filenames.
Also, HARDBIT 2.0 changes the desktop wallpaper and creates two ransom notes ("Help_me_for_Decrypt.hta" and "How To Restore Your Files.txt"). An example of how HARDBIT 2.0 renames files: it changes "1.jpg" to "o7pvb003x0.[id-BFEBFBFF000A0655].[godgood55@tutanota.com].hardbit2", "2.png" to "b8uyt904pH.[id-BFEBFBFF000A0655].[godgood55@tutanota.com].hardbit2", and so forth.
![Mudflised.com Ads](/images/thumbnails/th-25593-mudflised-com-ads.jpg)
What kind of page is mudflised[.]com?
We have inspected mudflised[.]com and found that the purpose of this site is to lure visitors into allowing it to display/send notifications. Mudflised[.]com displays deceptive content to get that permission. Our team discovered mudflised[.]com while examining pages that use shady advertising networks.
![StealDeal Stealer](/images/thumbnails/th-25592-stealdeal-stealer.jpg)
What kind of malware is StealDeal?
StealDeal is the name of an information stealer targeting Internet browser data and possibly other information. It is known that StealDeal is delivered via a compromised email address. The file used for malware distribution injects StealDeal and another malware called FateGrab - an information stealer that targets various files.
![ScreenConnect (ConnectWise) Client Scam](/images/thumbnails/th-25590-screenconnect-connectwise-client-scam.jpg)
What is ScreenConnect (ConnectWise) Client scam?
Fraudsters use all kinds of ways to extract information or money from people and distribute malicious programs via emails. This article describes cases where fraudsters use emails to trick recipients into installing ConnectWise (formerly known as ScreenConnect). This software allows threat actors to perform malicious activities on computers. The method of using legitimate remote access tools (such as TeamViewer, UltraViewer and similar) to control victims' computers is rather common among scammers, as it is easy to trick people into installing legitimate and recognizable software.
![RisePro Stealer](/images/thumbnails/th-25589-risepro-stealer.jpg)
What kind of malware is RisePro?
RisePro is an information stealer that has similarities with another stealer called Vidar. It gathers sensitive data and extracts it in the form of logs. RisePro is written in the C++ programming language. Threat actors have been observed distributing RisePro via a malware downloader called PrivateLoader. The creators of RisePro are currently selling their malware via Telegram.
![GodFather Malware (Android)](/images/thumbnails/th-25588-godfather-malware-android.jpg)
What kind of malware is GodFather?
GodFather is the name of an Android malware targeting online banking pages and cryptocurrency exchanges in 16 countries. It opens fake login windows over legitimate applications. Threat actors use GodFather to steal account credentials. Additionally, GodFather can steal SMSs, device information, and other data.
![Iswr Ransomware](/images/thumbnails/th-25587-iswr-ransowmare.jpg)
What kind of malware is Iswr?
Iswr is the name of a Djvu ransomware variant. We discovered it while inspecting malware samples submitted to the VirusTotal page. Iswr encrypts the victim's files, appends its extension (".iswr") to the filenames of all encrypted files, and drops its ransom note (the "_readme.txt" file).
An example of how Iswr modifies filenames: it renames "1.jpg" to "1.jpg.iswr", "2.png" to "2.png.iswr", "3.exe" to "3.exe.iswr", and so forth. It is common for ransomware belonging to the Djvu family to be distributed alongside RedLine, Vidar, and other information stealers.