Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is D0ggerofficial?

D0ggerofficial is ransomware that encrypts files, appends the ".locked" extension to filenames, and displays a pop-up message containing a ransom note. Threat actors behind D0ggerofficial ransomware have one goal - to get paid for data decryption.

An example of how D0ggerofficial modifies filenames: it renames "1.jpg" to "1.jpg.locked", "2.png" to "2.png.locked", and so forth.

What kind of malware is Mnlywjzi?

Mnlywjzi is ransomware belonging to the Snatch family. Threat actors use Mnlywjzi to encrypt files and demand victims pay a ransom for their decryption. Also, Mnlywjzi renames files by appending the ".mnlywjzi" extension to filenames. It creates the "HOW TO RESTORE YOUR FILES.TXT" file that contains a ransom note.

An example of how Mnlywjzi renames files: it changes "1.jpg" to "1.jpg.mnlywjzi", "2.png" to "2.png.mnlywjzi", and so forth.

What kind of page is defendpcpro[.]xyz?

While investigating suspect websites, our researchers discovered the defendpcpro[.]xyz rogue page. It is designed to load scams, promote browser notification spam, and redirect visitors to different (likely unreliable/malicious) sites. Most users access websites like defendpcpro[.]xyz via redirects caused by others that use rogue advertising networks.

What is Files Converter Free Online?

While inspecting questionable software-promoting websites, our research team discovered the Files Converter Free Online browser extension. It is promoted as a tool for converting various file formats. However, our analysis revealed that this browser extension also operates as adware. Files Converter Free Online displays ads and tracks users' browsing activity.

What kind of page is yourdatadefencebulwark[.]live?

Yourdatadefencebulwark[.]live claims that a computer may be infected with viruses to trick visitors into purchasing antivirus software. Also, it asks for permission to show notifications. Users do not normally visit pages like yourdatadefencebulwark[.]live on purpose. Our team discovered this site while examining pages that use rogue advertising networks.

What kind of page is defendersystem[.]xyz?

Defendersystem[.]xyz is rogue page that our researchers discovered while inspecting suspicious websites. This webpage promotes scams, pushes spam browser notifications, and redirects visitors to other (likely untrustworthy/dangerous) sites. Most users enter such webpages via redirects caused by sites using rogue advertising networks.

What is CharacterGeneration?

Our researchers discovered the CharacterGeneration application while checking out new submissions to VirusTotal. After inspecting this app, we learned that it operates as advertising-supported software (adware) and is part of the AdLoad malware group.

What is RAMP ransomware?

While investigating new malware submissions to VirusTotal, our research team discovered the RAMP ransomware. On our testing system a sample of RAMP encrypted data and modified filenames.

The titles of affected files were appended with a ".terror_ramp3" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.terror_ramp3", "2.png" as "2.png.terror_ramp3", and so forth.

After the encryption process was completed, this ransomware changed the desktop wallpaper and created a ransom note titled "ramp3.txt". The message within the text file was in broken Russian, intermixed with words from other Slavic languages.

What kind of application is Planty-Search?

After downloading and adding the Planty-Search browser extension, we noticed that it changes some settings. It hijacks a web browser to promote planty-search.com - a fake search engine. Also, it can read and change bookmarks. Our team discovered Planty-Search on a deceptive website.

What kind of email is "CTM Arrangment"?

Our inspection of the "CTM Arrangment" email revealed that it is malspam - malicious spam designed to infect recipients' systems with malware.

While this fake letter is signed off by JPS Ships Supply Service - it must be emphasized that this legitimate company is in no way associated with the scam mail. The goal of this email is to deceive recipients into opening the virulent attachment, which is designed to infect devices with the LokiBot trojan.