Virus and Spyware Removal Guides, uninstall instructions

What is OkHacked ransomware?

Our researchers found the OkHacked ransomware during a routine inspection of new submissions to VirusTotal. This malicious program is based on the Chaos ransomware, and it is designed to encrypt data and demand payment for the decryption.

After we executed a sample of OkHacked on our test machine, it encrypted files and appended their names with the ".okhacked" extension. For example, an original filename like "1.jpg" appeared as "1.jpg.okhacked", "2.png" as "2.png.okhacked", etc.

Once this process ended, a ransom note - "read_it.txt" - was created, and OkHacked ransomware also changed the desktop wallpaper.

What is Netlock?

Netlock is ransomware designed to encrypt files, append the ".netlock" extension to filenames, and create the "how_to_back_files.html" file that contains a ransom note. Our team discovered Netlock while examining samples submitted to the VirusTotal page. We also found that Netlock is part of the MedusaLocker ransomware family.

An example of how Netlock ransomware renames encrypted files: it changes "1.jpg" to "1.jpg.netlock", "2.png" to "2.png.netlock", "3.exe" to "3.exe.netlock", and so forth. The extensions may also include digits (e.g., ".netlock8").

What kind of email is "PayPal - Your Order Is Already Processed"?

After inspecting the "PayPal - Your Order Is Already Processed" email, we determined that it is spam. This fake email is presented as a notification from PayPal informing the recipient of a successfully processed order. This mail aims to trick users into calling the provided telephone number and entangle them in a meandering scam.

It must be emphasized that these emails are in no way associated with the actual PayPal Holdings, Inc.

What kind of application is NativeSimply?

While testing the NativeSimply application, our team learned that it generates intrusive advertisements to promote various websites and apps. Software that shows ads is called adware (or advertising-supported software). We discovered NativeSimply after using a fake installer downloaded from a shady page.

What kind of page is sopuw[.]click?

While examining sopuw[.]click, we learned that it promotes legitimate software in a deceptive way (it displays fake virus warnings) and asks for permission to show notifications. Our team discovered sopuw[.]click while inspecting websites that use rogue advertising networks. Users rarely visit pages like sopuw[.]click on purpose.

What kind of application is LegionSuites?

LegionSuites is an application that generates revenue for its developer by bombarding users with various advertisements. Software of this type is called adware. We discovered LegionSuites after examining a fake installer that is supposed to update the Adobe Flash Player.

What is fastholidayshopping.com?

Fastholidayshopping.com is the address of an illegitimate search engine. Websites of this kind are typically promoted by browser hijackers. This software makes changes to browser settings in order to cause redirects to fake search engines (e.g., fastholidayshopping.com). Furthermore, browser-hijacking software and the sites they push - tend to collect private information.

What kind of email is "Funding Commitments To Fight COVID-19"?

Our inspection of the "Funding Commitments To Fight COVID-19" email swiftly revealed that it is spam. This letter states that the recipient has been randomly selected as a beneficiary of a huge grant. This scam is presented as a "funding commitment" of the Bill & Melinda Gates Foundation as part of its work concerning the COVID-19 pandemic.

It must be emphasized that this email is fake, and it is in no way associated with the actual Bill & Melinda Gates Foundation or any other legitimate entities or persons.

What kind of page is fynweb[.]com?

Fynweb[.]com is a rogue site that our researchers discovered during a routine inspection of questionable websites. This page uses deception to trick visitors into allowing it to deliver browser notification spam. Additionally, it is capable of redirecting visitors elsewhere (likely unreliable/dangerous sites).

Most users enter fynweb[.]com and similar webpages through redirects caused by sites using rogue advertising networks.

cWhat kind of software is FLB Music?

FLB Music is one of the ChromeLoader malware variants. It is an advertising-supported application disguised as a media player. It generates unwanted advertisements and enables the malware to load modules for network communication and DHCP snooping. Our team discovered the FLB Music application after downloading an ISO file from a deceptive page.