Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Your Email Has Been Restricted"?

We inspected this email and concluded that the scammers behind it aim to trick recipients into providing them personal information. Emails of this type are called phishing emails. This one is disguised as a letter from an email service provider. It instructs recipients to validate their identity via the provided phishing website.

What is Flying Dutchman ransomware?

During a routine inspection of new submissions to VirusTotal, our research team found and sampled the Flying Dutchman ransomware. This malicious program belongs to the Xorist ransomware family.

After we executed Flying Dutchman's sample on our test machine, it encrypted files and changed their titles. Original filenames were appended with an extension comprising random characters, e.g., a file initially named "1.jpg" appeared as "1.jpg.4810429", etc.

Once the encryption process was finished, this ransomware changed the desktop wallpaper and created a text file titled either "РАСШИФРОВАТЬ ФАЙЛЫ.txt" or "ДЕШИФРАТОР.txt" (depending on the program's variant). Both the wallpaper and text file contained identical ransom notes in Russian.

What kind of scam is "Gold Fields Bullion Limited"?

We examined this email and learned that it is a fake congratulatory letter from a company named "Gold Fields Bullion Limited" (there is a real gold mining company called Gold Fields Limited). Scammers behind this email attempt to trick recipients into believing that they have won an award. They encourage recipients to review the attachment (an image) for more information.

What kind of application is WiredBlank?

While inspecting the WiredBlank application, we learned that it shows advertisements. Apps that show ads are classified as adware (advertising-supported software. In most cases, adware is promoted and distributed using deceptive methods (e.g., scare tactics and fake installers). Our team discovered WiredBlank on a deceptive website.

What is Dkey ransomware?

While inspecting new malware submissions to VirusTotal, our researchers came upon the Dkey ransomware-type program. It belongs to the Dharma ransomware family, and it is designed to encrypt data and demand payment for decryption.

Once executed on our test system, Dkey began encrypting files and altering their filenames. Original titles were appended with a unique ID, the cyber criminals' email, and a ".dkey" extension. For example, a file named "1.jpg" appeared as "1.jpg.id-9ECFA84E.[Daniel22key@aol.com].dkey".

After this process was completed, the ransomware displayed a pop-up window and created a text file - "FILES ENCRYPTED.txt" - on the desktop.

What is NetSearchPanel?

While inspecting new submissions to VirusTotal, our research team found a rogue application named NetSearchPanel. Following our analysis of this application, we determined that it operates as adware. It is pertinent to mention that NetSearchPanel is part of the AdLoad malware family.

What kind of page is nidescar[.]com?

Nidescar[.]com is a rogue site designed to deceive visitors into enabling spam browser notification delivery. It is also capable of redirecting them to various (likely untrustworthy/malicious) websites.

Users typically access such webpages through redirects caused by sites that use rogue advertising networks. Our researchers discovered nidescar[.]com while inspecting websites of this kind.

What is Solo (VoidCrypt) ransomware?

Our research team discovered the Solo ransomware-type program during a routine investigation of new submissions to VirusTotal. This piece of malicious software is part of the VoidCrypt ransomware family.

After we executed a sample of Solo (VoidCrypt) on our testing system, it encrypted files and modified their titles. Original filenames were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".solo" extension. For example, a file named "1.jpg" appeared as "1.jpg.(CW-DV6109742358)(decryptionfiles@gmail.com).solo" following encryption.

Once this process was completed, the ransomware dropped a ransom-demanding message titled "unlock-info.txt" onto the desktop.

What kind of page is newadsfit[.]com?

While inspecting dubious websites, our researchers found the newadsfit[.]com webpage. It operates by attempting to trick visitors into allowing spam browser notification delivery. Additionally, this site can redirect users to other (likely untrustworthy/dangerous) websites.

Most visitors to pages like newadsfit[.]com access them through redirects caused by sites using rogue advertising networks.

What kind of website is topmusicalcomedy[.]com?

After examining topmusicalcomedy[.]com, our team found that it is one of the deceptive pages designed to lure visitors into agreeing to receive notifications from it. We also found that topmusicalcomedy[.]com can redirect visitors to other untrustworthy websites. We discovered this site while inspecting pages that use rogue advertising networks.