Virus and Spyware Removal Guides, uninstall instructions

What is ORCA ransomware?

Our research team discovered the ORCA ransomware while investigating new malware submissions to VirusTotal. This malicious program belongs to the ZEPPELIN ransomware family.

When we executed a sample of ORCA on our test system, it began encrypting files and altered their titles. Original filenames were appended with the ".ORCA.victim's_ID" extension, e.g., a file named "1.jpg" appeared as "1.jpg.ORCA.1D1-617-F3E", and so on.

After the encryption process was finished, ORCA created a ransom note - "HOW_TO_RECOVER_DATA.hta" - on the desktop. It is noteworthy that this ransomware employs double extortion tactics.

What kind of application is Secure Text Search?

While testing the Secure Text Search browser extension, we noticed that it displays intrusive advertisements. Apps that display unwanted ads are called advertising-supported apps (or adware). Typically, users download and install adware on computers (or add it to browsers) without knowing that it shows ads. We discovered Secure Text Search on a deceptive page.

What is search-tap.com?

While testing the search-tap.com search engine, our team discovered that it includes advertisements in its results and generates questionable results. Thus, search-tap.com should not be used to browse the Internet. Typically, questionable (or fake) search engines are promoted by browser hijackers that modify the web browser's settings.

What is Trochilus?

Trochilus is a piece of malicious software classified as a RAT (Remote Access Trojan). This type of malware operates by enabling remote access/control over infected devices.

Trochilus has been around for a while, and it was even available on the GitHub software repository. However, new and updated versions of this RAT have been discovered. There is evidence suggesting that this trojan is in use by a Chinese threat actor for cyber-espionage purposes.

What kind of page is webdatasecuritycenter[.]com?

While examining the webdatasecuritycenter.com page, we discovered that it is an untrustworthy page running a scam similar to "McAfee Total Protection - Your PC Might Be Infected With viruses!". It also asks visitors for permission to show notifications. Our team found webdatasecuritycenter.com while inspecting websites that use rogue advertising networks.

What is Deed RAT?

Deed is a RAT-type malware. RATs (Remote Access Trojans) are designed to allow for remote access and control over infected devices. These trojans tend to have a broad range of malicious functionalities and are considered to be especially dangerous.

It has to be mentioned that Deed RAT has been around for a long time, but a resurgence in activity has been observed at the time of writing. The recent Deed RAT variants have been improved upon by the latest users, which are believed to be Chinese threat actors dealing in cyber-espionage.

What is givemeanswers.net?

While inspecting the givemeanswers.net search engine, we found that it places advertisements in its search results. It may also generate misleading results (promote shady pages). Typically, search engines like givemeanswers.net are promoted by browser hijackers. Users rarely add browser hijackers to browsers on purpose.

What is the 9002 RAT?

9002 is the name of a Remote Access Trojan (RAT). Malware within this classification enables remote access/control over infected machines.

Current 9002 RAT activity is associated with Chinese threat actors dealing in cyber-espionage. This malicious program has been around for years - however, its newest iterations have been improved and successfully used in geopolitically motivated cybercrime.

What kind of application is Parental Url Blockers?

While examining the Parental Url Blockers browser extension, we learned that it displays intrusive advertisements. Software designed to show ads is called adware. Typically, it is promoted/distributed using deceptive methods. Our team discovered Parental Url Blockers on a deceptive website requesting to add it to a web browser.

What is dailyguides.com?

After testing dailyguides.com, we found that it is an untrustworthy search engine that generates questionable results (including advertisements). Also, dailyguides.com shows deceptive notifications. Typically, search engines like dailyguides.com are promoted by browser hijackers.