Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is MNX?

MNX is one of the ransomware variants belonging to the Phobos family. We discovered MNX while checking the VirusTotal website for recently submitted malware samples. MNX encrypts files, modifies filenames, and generates two ransom notes ("info.txt" and "info.hta").

MNX appends the victim's ID, decrypt@techie.com email address, and the ".MNX" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.id[9ECFA84E-3426].[decrypt@techie.com].MNX", "2.png" to "2.png.id[9ECFA84E-3426].[decrypt@techie.com].MNX", and so forth.

What kind of page is onesoftwareupdater[.]com?

Our researchers found the onesoftwareupdater[.]com rogue webpage while looking through untrustworthy sites. This page promotes browser notification spam and can redirect visitors to other (likely dubious/malicious) websites. At the time of research, onesoftwareupdater[.]com used fake CAPTCHA verification to trick users into enabling the browser notification delivery. Most users access such pages via redirects caused by sites that use rogue advertising networks.

What kind of application is Omni Convert - Search Settings for Omnibar?

We tested the Omni Convert - Search Settings for Omnibar browser extension and found that it promotes a fake search engine. This app promotes app.clipconverter.site. It does that by hijacking a web browser (by changing its settings). We discovered Omni Convert - Search Settings for Omnibar on a deceptive website.

What is Canvas Tab?

While inspecting dubious websites, our research team discovered Canvas Tab's "official" promotional page. This software is a browser extension endorsed as a tool capable of allowing users to draw on new browser tabs and save the created artwork. However, our inspection of Canvas Tab revealed that it operates as a browser hijacker and promotes the srchingot.com fake search engine.

What kind of scam is "Annual Email Version Upgrade"?

We have inspected this email and found that it is sent by scammers who aim to lure recipients into providing personal information. Scammers behind this email use a phishing page to extract information. They disguised the email as a letter from an email service provider.

What is weather-in.xyz?

Weather-in.xyz is the address (URL) of a fake search engine promoted using Weather In browser hijacker. Typically, websites of this kind are promoted by software classified as browser hijackers. They modify browser settings in order to cause redirects to illegitimate search engines. Additionally, browser-hijacking software often spies on users' browsing activity.

Like most sites of this kind, weather-in.xyz cannot provide search results (thus redirects to legitimate search engines) and likely collects visitor data.

What kind of application is Super-Newtab?

While examining Super-Newtab, we discovered that it changes the web browser's settings. Apps of this type are known as browser hijackers. Most browser hijackers promote fake search engines. Users do not add apps of this type to browsers on purpose.

What kind of website is full-mark[.]xyz?

We inspected full-mark[.]xyz and learned that the purpose of this page is to trick visitors into agreeing to receive notifications. It uses a clickbait technique (displays deceptive content) as a lure. Also, full-mark[.]xyz redirects to scam websites.

What is LATCHNETWORK ransomware?

While inspecting new submissions to VirusTotal, our researchers discovered the LATCHNETWORK ransomware-type program. It is pertinent to mention that this malicious program is part of the MedusaLocker ransomware family.

After we executed a sample of LATCHNETWORK on our test machine, it encrypted files and altered their filenames. To elaborate, original names were appended with a ".LATCHNETWORK3" extension (note that the number in this extension may vary based on the ransomware's variant), e.g., a file titled "1.jpg" appeared as "1.jpg.LATCHNETWORK3", and so on.

Once this process was finished, a ransom note - "how_to_back_files.html" - was dropped onto the desktop. The text presented in this message makes it evident that LATCHNETWORK targets companies rather than home users.

What kind of malware is Vohuk?

Vohuk is ransomware that prevents victims from accessing files by encrypting them. Also, it replaces filenames with a string of random characters and appends the ".Vohuk" extension to them, changes the desktop wallpaper, and drops the "README.txt" file. The dropped text file contains a ransom note.

An example of how Vohuk renames files: it changes "1.jpg" to "6DMHR6wFs.Vohuk", "FSvaiV2ga.Vohuk", adn so forth.