Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Maos?

Our team has discovered a new Djvu ransomware variant called Maos while examining malware samples submitted to the VirusTotal site. Maos encrypts files and appends the ".maos" extension to filenames. It also provides a ransom note (creates a text file named "_readme.txt").

An example of how Maos renames files: it changes "1.jpg" to "1.jpg.maos", "2.png" to "2.png.maos", and so forth. Cybercriminals often use information stealers like Vidar and RedLine to obtain sensitive information before encrypting files with Djvu ransomware.

What kind of malware is Manw?

Manw is ransomware belonging to the Djvu family. We discovered Manw while examining malware samples submitted to VirusTotal. After testing the sample, we learned that Manw encrypts files and appends the ".manw" extension to their filenames. Also, it drops the "_readme.txt" file - a ransom note containing contact and payment information.

An example of how Manw renames files: it changes "1.jpg" to "1.jpg.manw", "2.png" to "2.png.manw", and so forth. Before encrypting files with Djvu ransomware, cybercriminals often use malware like RedLine or Vidar to steal sensitive information from users.

What kind of application is Simple AdBlock?

After downloading and adding the Simple AdBlock browser extension, we learned that it has parameters of advertising-supported software - it displays annoying advertisements. We discovered Simple AdBlock on a questionable website. It is worth mentioning that most users download and install adware inadvertently.

What is Clean Notifications?

Clean Notifications is the name of a rogue browser extension. It operates by modifying browser settings in order to cause redirects to the cleannotifications.com fake search engine. Additionally, this extension spies on users' browsing activity. Due to this behavior, Clean Notifications is classified as a browser hijacker.

What is MomentTech?

Our research team discovered the MomentTech app during a routine inspection of new submissions to VirusTotal. After inspecting this application, we determined that it operates as advertising-supported software (adware). It is pertinent to mention that MomentTech belongs to the AdLoad malware family.

What kind of page is opposeetwo[.]xyz?

We have examined opposeetwo[.]xyz and learned that it is a deceptive site that runs the "You've visited illegal infected website" scam and asks for permission to show notifications. Our team discovered opposeetwo[.]xyz while inspecting websites that use rogue advertising networks (redirect visitors to shady sites and show dubious ads).

What kind of browser extension is "Sites usage"?

Sites usage is the name of a rogue browser extension that our research team discovered while investigating deceptive software-promoting websites. This extension is presented as a tool that can provide website usage and maliciousness data. However, our inspection of Sites usage revealed that it operates as adware.

What kind of application is Stop AdBlocker?

We have tested the Stop AdBlocker browser extension and found that it operates as an advertising-supported application. It displays intrusive advertisements. Also, Stop AdBlocker can read and change data on all websites. We have discovered Stop AdBlocker on a shady web page.

What is Allock ransomware?

While inspecting new submissions to VirusTotal, our researchers discovered the Allock ransomware. This malicious program is part of the MedusaLocker ransomware family.

After a sample of Allock was executed on our testing system, it encrypted files and appended their filenames with a ".allock8" extension. To elaborate, a file originally named "1.jpg" appeared as "1.jpg.allock8", "2.png" as "2.png.allock8", etc. It is noteworthy that the number in the extension can vary based on the ransomware's iteration.

Once the encryption process was concluded, the Allock ransomware dropped a ransom note titled "how_to_back_files.html" onto the desktop. The text presented in this message makes it clear that this ransomware targets companies rather than home users.

What kind of malware is Sxn?

Sxn is ransomware - malware that blocks access to files by encrypting them. Unlike most ransomware variants, Sxn does not append its extension to the filenames of encrypted files. However, it drops 26 files with no data in them with the ".Locked" extension. Also, Sxn displays a pop-up window containing a ransom note.

We discovered the Sxn ransomware while examining malware samples submitted to the VirusTotal page.