Virus and Spyware Removal Guides, uninstall instructions

What kind of website is captchaglow[.]top?

Our team has inspected captchaglow[.]top and found that it is a deceptive website designed to trick visitors into agreeing to receive notifications and redirect them to other untrustworthy pages. We have discovered captchaglow[.]top while visiting sites that use shady advertising networks.

What is CryptoArch ransomware?

CryptoArch is a ransomware-type program. Malware within this category typically operates by encrypting data and making ransom demands for the decryption tools. After launching CryptoArch on our test machine, we learned that it does not encrypt files.

What this ransomware does is wipe the files – i.e., it deletes the original content and replaces it with gibberish. They become identical, with an approximate size of 10kb. The affected files from all locations are then dropped into a folder on the desktop titled "crypt".

On our testing system, the files were renamed as follows: "CryptoArch0.crypto", "CryptoArch1.crypto", "CryptoArch2.crypto", and so on. The number in the filenames stands for the modified file itself and bears no reflection of the initial title.

Once CryptoArch has concluded the data modification process, it creates a ransom note named "readme.txt".

Unlike in standard ransomware attacks, there is no possibility of data recovery – with or without the attackers' interference.

What is privatesearches.org?

We have tested privatesearches.org and found that it is a shady search engine that can show misleading results. Our team has discovered privatesearches.org after installing a fake Google Docs application downloaded from a deceptive page.

The fake Google Docs app promotes privatesearches.org by hijacking a web browser. Also, it adds the "Managed by your organization" feature to Chrome browsers.

What kind of page is arachidenews[.]com?

While checking out dubious websites, our researchers discovered the arachidenews[.]com rogue webpage. During our inspection, we found two variants of this page, both of which employed fake CAPTCHA verification to deceive visitors into enabling spam browser notification delivery. Additionally, arachidenews[.]com can redirect users to different (likely unreliable/malicious) sites.

Most visitors to webpages like arachidenews[.]com access them through redirects caused by websites using rogue advertising networks.

What is "Messages Delivery Failure"?

Our team has examined this letter and found that it is a phishing email. The fraudsters behind this scam email aim to trick recipients into opening a fake website and providing sensitive information. Thus, it is strongly recommended to ignore this scam (mark the email as spam and delete it).

What kind of page is editormoney[.]com?

We have examined editormoney[.]com and learned that it displays a deceptive message to lure visitors into agreeing to receive notifications. Also, editormoney[.]com redirects to other websites. Thus, this page cannot be trusted. Our team discovered editormoney[.]com while inspecting websites that use shady advertising networks.

What kind of email is "A Request To Disable Your Email Has Been Received"?

After inspecting "A Request To Disable Your Email Has Been Received" email, we determined that it operates as a phishing scam. Letters belonging to this campaign target email log-in credentials by falsely claiming that the account is pending deactivation.

What is "Qatar World Cup 2022 Pay-Out"?

We have inspected this email and discovered that it is written by scammers who aim to trick recipients into believing that they have won a prize and providing personal information. Thus, we classified this letter as a phishing email. It should be marked as spam and deleted.

What kind of malware is Bjrtziwsgw?

Bjrtziwsgw is one of the ransomware variants belonging to the Snatch family. Our malware researchers discovered Bjrtziwsgw while examining samples submitted to VirusTotal. Bjrtziwsgw encrypts files, appends the ".bjrtziwsgw" extension to filenames of encrypted files, and drops a ransom note (the "HOW TO RESTORE YOUR FILES.TXT" file).

An example of how Bjrtziwsgw renames files: it changes "1.jpg" to "1.jpg.bjrtziwsgw", "2.png" to "2.png.bjrtziwsgw", and so forth.

What is WorldWideProjector?

While reviewing new submissions to VirusTotal, our research team discovered the WorldWideProjector application. After analyzing this app, we learned that it operates as adware and belongs to the AdLoad malware family. WorldWideProjector displays ads and may have additional undesirable functionalities.