Virus and Spyware Removal Guides, uninstall instructions

What is Anon_by ransomware?

While checking out new submissions to VirusTotal, our research team discovered a ransomware-type program called Anon_by. Malware within this classification encrypts data and demands ransoms for the decryption tools.

After we launched a sample of this ransomware on our test machine, it began encrypting data and appended their filenames with a ".anon_by" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.anon_by", "2.png" as "2.png.anon_by", etc.

Following the completion of the encryption process, Anon_by dropped a text file named "anon_by.txt" onto the desktop. This ransomware also changed the desktop wallpaper.

What kind of page is daphomost[.]com?

Our team examined daphomost[.]com and learned that it shows a deceptive message (uses a clickbait technique) to lure visitors into allowing it to display notifications. It was also found that daphomost[.]com redirects to other untrustworthy pages. This is an untrustworthy page that should be ignored and never allowed to show notifications.

What kind of scam is "Your Wages Monthly Activity Statement"?

Our team has investigated this email and found that it is sent by scammers who seek to lure recipients into providing sensitive information. It contains a link to a deceptive website asking to provide login credentials. Such emails are called phishing emails.

What kind of malware is Feg?

Feg is one of the Xorist ransomware variants. It encrypts files and renames them (by appending the ".feg" extension to filenames). Also, Feg creates a ransom note (the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" file) and displays a pop-up window with the same text as the ransom note.

Our malware researchers discovered Feg while inspecting samples submitted to the VirusTotal page. An example of how this ransomware modifies filenames: it renames "1.jpg" to "1.jpg.feg", "2.png" to "2.png.feg", "3.exe" to "3.exe.feg", and so forth.

What kind of page is ourbestspot[.]com?

While investigating ourbestspot[.]com, our team found that this page is designed to trick visitors into agreeing to receive notifications. Also, it redirects them to other pages. We discovered ourbestspot[.]com while examining websites that use rogue advertising networks. It is uncommon for sites like ourbestspot[.]com to be opened on purpose.

What kind of application is page styles?

page styles is one of the untrustworthy color-related applications (browser extensions) classified as adware. It can hijack a web browser to promote untrustworthy websites and inject advertisements into websites. Pages promoted via page styles adware can be designed to steal sensitive information.

What kind of malware is Bowd?

Bowd is ransomware (one of the Djvu ransomware variants). It encrypts data, appends its extension (".bowd") to filenames, and drops a ransom note (the "_readme.txt" file). We discovered Bowd while analyzing malware samples submitted to the VirusTotal site. It is known that Djvu ransomware is often distributed together with information stealers like Vidar and RedLine.

An example of how Bowd ransomware modifies filenames: it renames "1.jpg" to "1.jpg.bowd", "2.png" to "2.png.bowd", "3.exe" to "3.exe.bowd", and so forth.

What kind of malware is Bozq?

Bozq is one of the Djvu ransomware variants. It encrypts files and appends the ".bozq" extension to filenames. Also, Bozq creates the "_readme.txt" file containing a ransom note. Our team discovered this ransomware while inspecting malware samples submitted to VirusTotal. We also found that Djvu ransomware is often distributed alongside other malware (e.g., RedLine and Vidar).

An example of how Bozq renames files: it changes "1.jpg" to "1.jpg.bozq", "2.png" to "2.png.bozq", and so forth.

What kind of website is yourdevicesprotected[.]com?

While analyzing yourdevicesprotected[.]com, we found that it is a deceptive website that shows a fake warning and asks for permission to show notifications. Our team discovered yourdevicesprotected[.]com during an examination of other pages of this kind and shady advertisements. This page should be ignored.

What kind of application is Smilebox Tab?

After testing the Smilebox Tab browser extension, we found the purpose of this app is to hijack a web browser. It promotes smilebox.co (a fake search engine) by changing the settings of a web browser. It is common for browser hijackers to be promoted and distributed using shady methods. We discovered Smilebox Tab while inspecting deceptive pages.