Virus and Spyware Removal Guides, uninstall instructions
![Zatp Ransomware](/images/thumbnails/th-25218-zatp-ransomware.jpg)
What kind of malware is Zatp?
Zatp is ransomware that belongs to the Djvu family. Our malware researchers discovered Zatp while checking the VirusTotal page for recently submitted samples. We found that Zatp encrypts files and appends its extension (".zatp") to filenames. Also, it drops the "_readme.txt" file that contains a ransom note.
It is important to mention that Djvu ransomware is often distributed with information stealers like Vidar and RedLine. An example of how files encrypted by Zatp ransomware are renamed: "1.jpg" is renamed to "1.jpg.zatp", "2.png" to "2.png.zatp", "3.doc" to "3.doc.zatp", and so forth.
![bDAT Ransomware](/images/thumbnails/th-25217-bdat-ransomware.jpg)
What is bDAT ransomware?
bDAT is a piece of malicious software categorized as ransomware. We discovered this program while inspecting new submissions to VirusTotal. It is noteworthy that bDAT is part of the Dharma ransomware family.
After we executed a sample of bDAT on our test machine, it began encrypting files and appended a unique ID, the cyber criminals' email address, and a ".bDAT" extension to their filenames. For example, a file initially titled "1.jpg" appeared as "1.jpg.id-9ECFA84E.[bkpdata@msgsafe.io].bDAT".
Once the encryption process was completed, this ransomware created/displayed ransom-demanding messages in a pop-up window and a text file named "info.txt".
![Zate Ransomware](/images/thumbnails/th-25216-zate-ransomware.jpg)
What kind of malware is Zate?
Zate is one of the Djvu ransomware variants. It makes files inaccessible by encrypting them and renames files by appending its extension (".zate") to their filenames. Also, Zate drops its ransom note, a text file named "_readme.txt". Threat actors have been observed distributing Djvu ransomware alongside various information stealers (e.g., RedLine or Vidar).
Our team discovered this Djvu variant while inspecting malware samples submitted to VirusTotal. An example of how Zate renames files: it changes "1.jpg" to "1.jpg.zate", "2.png" to "2.png.zate", and so forth.
![Alltimesecuritysystem.live Ads](/images/thumbnails/th-25215-alltimesecuritysystem-live-ads.jpg)
What kind of page is alltimesecuritysystem[.]live?
Alltimesecuritysystem[.]live is the address of a rogue webpage that our researchers discovered while looking through untrustworthy sites. It is designed to promote scams, push spam browser notifications, and redirect visitors to different (likely dubious/malicious) websites. Most users enter such pages via redirects caused by sites that use rogue advertising networks.
![Dom Ransomware](/images/thumbnails/th-25213-dom-ransomware.jpg)
What is Dom ransomware?
Dom is a ransomware-type program that our research team discovered while checking out new submissions to VirusTotal. Programs of this kind operate by encrypting data and demanding payment for the decryption tools.
Once we executed a sample of Dom on our test machine, it began encrypting files and changed their titles. Original filenames were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".dom" extension. For example, a file titled "1.jpg" appeared as "1.jpg.[c44fb759f0].[dekrypt666@onionmail.org].dom".
Afterwards, Dom ransomware dropped a ransom-demanding message titled "ENCRYPTED.txt" onto the desktop.
![Newspoldays.site Ads](/images/thumbnails/th-25212-newspoldays-site-ads.jpg)
What kind of page is newspoldays[.]site?
While inspecting untrustworthy sites, our researchers discovered the newspoldays[.]site rogue webpage. It pushes browser notification spam using a fake CAPTCHA, and it can redirect users elsewhere (likely to unreliable/malicious websites).
Most visitors to notification-spam-promoting sites access them via redirects caused by pages that use rogue advertising networks.
![Inlock Ransomware](/images/thumbnails/th-25211-inlock-ransomware.jpg)
What kind of malware is Inlock?
Inlock is ransomware that encrypts files, appends the ".inlock" extension to filenames, changes the desktop wallpaper, and creates the "READ_IT.txt" file that contains a ransom note. The purpose of Inlock is to prevent victims from accessing their files. Our team discovered this ransomware while inspecting malware samples submitted to VirusTotal.
An example of how Inlock ransomware renames files: it changes "1.jpg" to "1.jpg.inlock", "2.png" to "2.png.inlock", "3.txt" to "3.txt.inlock", and so forth.
![Mobile Apps Group Adware (Android)](/images/thumbnails/th-25210-mobile-apps-group-adware-android.jpg)
What is "Mobile apps Group"?
Mobile apps Group is an adware family targeting Android operating systems. The name is based on the developer account on Google Play from which the adware-type apps originate. Said account has been noted for previous questionable/malicious activity and has over one million app downloads to its name.
At the time of writing, four applications belonging to this family were available on the Google Play Store: "Bluetooth Auto Connect", "Driver: Bluetooth, Wi-Fi, USB", "Bluetooth App Sender", and "Mobile transfer: smart switch".
![ActiveAnalyzer Adware (Mac)](/images/thumbnails/th-25209-activeanalyzer-adware-mac.jpg)
What kind of application is ActiveAnalyzer?
While inspecting the ActiveAnalyzer application, our team observed that it shows annoying advertisements. Software that shows ads on computers is called adware. We discovered ActiveAnalyzer after using a fake installer (disguised as the installer for Adobe Flash Player) downloaded from a deceptive website.
![AdvantageMethod Adware (Mac)](/images/thumbnails/th-25208-advantagemethod-adware-mac.jpg)
What is AdvantageMethod?
AdvantageMethod is a piece of rogue software that our researchers found while investigating new submissions to VirusTotal. After we inspected this application, we determined that it operates as adware. It is noteworthy that AdvantageMethod is part of the AdLoad malware family.