Virus and Spyware Removal Guides, uninstall instructions

What kind of page is fasterantiviruspc[.]com?

During a routine inspection of suspicious sites, our researchers discovered the fasterantiviruspc[.]com webpage. It promotes scams and browser notification spam. At the time of research, this page ran a scam that makes false claims about visitors' devices being potentially infected with malware. Additionally, fasterantiviruspc[.]com can redirect users to other (likely unreliable/malicious sites.

Rogue webpages are most commonly accessed via redirects caused by websites that use questionable advertising networks.

What kind of website is safecaretech[.]online?

Our team has examined safecaretech[.]online and found that it is one of the many pages running the "McAfee - Your PC is infected with 5 viruses!" scam. Also, safecaretech[.]online asks for permission to show notifications. We have discovered safecaretech[.]online while browsing websites that use shady advertising networks.

What is Find My Song?

Find My Song is a rogue browser extension that we discovered while inspecting dubious software-promoting sites. This extension is presented as a tool that allows users to easily search for songs and lyrics. However, our analysis of Find My Song revealed that it operates as adware instead.

What kind of application is Supreme Adblocker?

Supreme Adblocker is promoted as an application that blocks ads in videos and websites. However, we have tested this browser extension and found that it shows advertisements. For this reason, we classified Supreme Adblocker as adware. It is common for advertising-supported apps to be downloaded and installed (or added) inadvertently.

What is HentaiLocker ransomware?

Our research team discovered the HentaiLocker malicious program while checking out new submissions to VirusTotal. This software is classified as ransomware. It operates by encrypting data and demanding payment for the decryption.

On our testing system, HentaiLocker encrypted files and renamed them with a random character string and the ".HENTAI" extension. For example, a file initially titled "1.jpg" appeared as "Mi5wbmc=.HENTAI", "2.png" as "Ni5kb2N4.HENTAI", and so on. Once this process was completed, the ransomware created a ransom note named "UNLOCKFILES.txt".

What kind of malware is BLOCKY?

BLOCKY is ransomware that blocks access to files by encrypting them. It also appends the ".locked" extension to the filenames of encrypted files, changes the desktop wallpaper, and creates the "READ_IT.txt" text file that contains a ransom note. We have discovered BLOCKY ransomware while checking the VirusTotal for recently submitted malware samples.

An example of how files encrypted by BLOCKY ransomware are renamed: "1.jpg" is renamed to "1.jpg.locked", "2.png" to "2.png.locked", and so forth.

What kind of malware is Btnw?

Btnw is the name of ransomware that our team has discovered while analyzing malware samples submitted to VirusTotal. We found that Btnw belongs to a ransomware family called Djvu. Ransomware variants belonging to this family are often distributed alongside information stealers such as RedLine and Vidar.

Btnw encrypts files, appends the ".btnw" extension to filenames, and provides a ransom note (drops the "_readme.txt" file). An example of how Btnw modifies filenames: it renames "1.jpg" to "1.jpg.btnw", "2.png" to "2.png.btnw", and so forth.

What is OperativeInfluence?

OperativeInfluence is a rogue app that our research team discovered while inspecting new submissions to VirusTotal. We determined that this application operates as adware and belongs to the AdLoad malware family.

What is LaserMacroKnowledge?

While inspecting new submissions to VirusTotal, we discovered the LaserMacroKnowledge application. After analyzing this piece of software, we determined that it is adware. It is pertinent to mention that this app is part of the AdLoad malware family.

What is Masscan ransomware?

Masscan is a ransomware-type program designed to encrypt data and demand ransoms for the decryption keys/tools. There are three variants of this malware, referred to as "F", "G", and "R".

Masscan appends the encrypted files with an extension differing by a letter between the ransomware versions, e.g., ".masscan-F-ID", ".masscan-G-ID", and ".masscan-R-ID". To elaborate, we tested all three Masscan variants, and on our testing machine, a file originally titled "1.jpg" appeared as "1.jpg.masscan-F-f1344afa, "1.jpg.masscan-G-f1344afa", and "1.jpg.masscan-R-f1344afa".

It must be mentioned that this ransomware also attempts to encrypt the shared system network and connected flash drives. Additionally, Masscan deletes the Volume Shadow Copies.

After the encryption process is completed, ransom notes titled "RECOVERY INFORMATION !!!.txt" are dropped onto the desktop and into all affected folders.

Masscan has been observed being used in attacks leveraged against various companies in Korea, Czech Republic, USA, and Vietnam.