Virus and Spyware Removal Guides, uninstall instructions

What is Yguekcbe ransomware?

Yguekcbe is a ransomware that we found while inspecting new submissions to VirusTotal. Additionally, it is worth mentioning that this program is part of the Snatch ransomware family.

On our testing system, Yguekcbe encrypted files and appended their names with a ".yguekcbe" extension. For example, a file initially titled "1.jpg" as "1.jpg.yguekcbe", "2.png" as "2.png.yguekcbe", etc.

After the encryption process was finished, Yguekcbe dropped a ransom note - "HOW TO RESTORE YOUR FILES.TXT" onto the desktop. Based on the message within this file, we can determine Yguekcbe ransomware targets companies instead of home users.

What is AcridRain?

AcridRain is the name of a stealer, a type of malware designed to extract sensitive information from victims' devices. Like many programs of this type, AcridRain can obtain data from browsers and various other applications. However, this stealer is also heavily focused on cryptocurrency-related content.

It is noteworthy that AcridRain has been actively proliferated through variously disguised malicious websites.

What kind of software is MainSignSearch?

MainSignSearch is an untrustworthy application distributed via a deceptive page. Our team discovered MainSignSearch after using a fake installer. While examining this app, we found that it displays unwanted advertisements. Therefore, we classified MainSignSearch as adware.

What is Typhon?

Typhon is a stealer-type malware written in the C# programming language. Newer versions of this program are called Typhon Reborn (TyphonReborn). Malware within this classification is designed to extract data from infected systems. The older variants of Typhon have a broader range of functionalities, while Typhon Reborn versions are streamlined stealers.

What kind of page is qhelp[.]cc?

While investigating scam emails (e.g., "Geek Squad Email Scam"), we discovered qhelp[.]cc - a scam website used to obtain remote access to computers. Scammers use qhelp[.]cc to trick visitors into installing remote access software via the downloaded "SupportClient.exe" file. Typically, scammers use such software to inject malware, steal sensitive information, etc.

What kind of page is homecarelesspower[.]click?

Homecarelesspower[.]click is a rogue webpage that our researchers discovered while inspecting unreliable sites. This page runs scams, promotes spam browser notifications, and redirects visitors to other (unreliable/harmful) websites.

Most users access webpages like homecarelesspower[.]click via redirects caused by sites using rogue advertising networks.

What kind of page is yt2conv[.]com?

Yt2conv[.]com is a website that offers to convert YouTube links to downloadable MP3 audio files. In addition to this service breaking copyright laws, this site uses rogue advertising networks which are known to promote deceptive and malicious content.

What is Search-Zone?

While inspecting deceptive sites, our research team discovered one endorsing the Search-Zone browser extension. After analyzing this piece of software, we learned that it operates as a browser hijacker. Search-Zone modifies browsers in order to cause to the searchzone.xyz fake search engine.

What is "Invoices Copies Are Not Clear" email virus?

After examining this email, our team found that it was sent by cybercriminals who aim to trick recipients into infecting their computers with malware via malicious attachments. Threat actors claim that files attached to the email are invoices. The type of malware that is distributed via those files is currently unknown.

What kind of application is EssentialModule?

While surfing deceptive pages, we discovered an application called EssentialModule. Our team tested this app and found that it displays annoying advertisements. Thus, we classified EssentialModule as adware. It is worth mentioning that users do not normally download and install adware knowingly.