Virus and Spyware Removal Guides, uninstall instructions

What is Darknes?

Darknes is a rogue browser extension that is promoted as a tool capable of enabling dark mode for simple design websites. Our researchers discovered this piece of software while inspecting questionable download webpages. After analyzing Darknes, we determined that it operates as adware.

What is Baseball Start?

While inspecting dubious software-promoting webpages, our research team discovered the Baseball Start browser extension. It promises easy access to baseball news and other related content. Our analysis of this piece of software revealed that it operates as a browser hijacker. Baseball Start modifies browsers to promote the nstart.online fake search engine.

What is Bl00dy ransomware?

Bl00dy is the name of a ransomware-type program, which our researchers discovered while looking through new malware submissions to VirusTotal. This malicious program is part of the Babuk ransomware family.

Once a sample of Bl00dy was executed on our testing system, it started encrypting files and appended their names with a ".bl00dy" extension. For example, an original filename like "1.jpg" appeared as "1.jpg.bl00dy", "2.png" as "2.png.bl00dy", and so forth.

After the encryption was completed, the ransomware dropped a text file titled "How To Restore Your Files.txt" onto the desktop. This file contained the ransom note, which made it evident that Bl00dy targets companies rather than home users. Additionally, this malicious software used double extortion tactics.

What kind of software is Cash?

Our researchers discovered the Cash rogue application while inspecting suspicious installers. After analyzing this app, we learned that it is advertising-supported software (adware).

What is Mmdt ransomware?

Our research team discovered the Mmdt malicious program during a routine inspection of new submissions to VirusTotal. Mmdt is classified as ransomware, and it is part of the Djvu malware family.

When we launched a sample of this ransomware on our test system, it began encrypting files and appended their filenames with a ".mmdt" extension. For example, a file named "1.jpg" appeared as "1.jpg.mmdt", "2.png" as "2.png.mmdt", etc. Afterwards, a ransom-demanding message titled "_readme.txt" was created.

What is Weekly Hits?

While inspecting rogue software installers, our researchers discovered the Weekly Hits browser extension. This extension promises to allow users to quickly access the most searched song lyrics of the week. After analyzing this piece of software, we determined that it is a browser hijacker promoting the weeklyhits.xyz fake search engine.

What is Zanubis?

Zanubis is a piece of malicious software classified as a banking trojan. This malware targets Android Operating Systems (OSes). The primary function of this program is to stealthily obtain online banking account credentials and gain access to the funds stored therein. Zanubis targets Latin American banks, particularly those based in Peru.

What kind of page is flowerself[.]xyz?

While checking out suspicious webpages, our researchers found the flowerself[.]xyz rogue site. It promotes spam browser notifications and redirects users to other (likely unreliable/malicious) websites. Visitors to flowerself[.]xyz and pages akin to it - typically access them via redirects caused by sites that use rogue advertising networks.

What kind of email is "2022 FIFA Lottery Award"?

The "2022 FIFA Lottery Award" email is spam. Our inspection of a letter belonging to this spam campaign revealed that it operates as a phishing scam. This fake email attempts to extract recipients' private data by claiming they have won a lottery. It must be emphasized that this spam mail is in no way associated with either FIFA or the FIFA World Cup.

What is Mmvb ransomware?

Mmvb is a piece of malicious software categorized as ransomware. Our research team discovered this program during a routine investigation of new submissions to VirusTotal. Mmvb is part of the Djvu ransomware family.

Once we executed a sample of this ransomware on our test machine, it began encrypting files. The filenames of those affected were appended with a ".mmvb" extension. For example, a file named "1.jpg" appeared as "1.jpg.mmvb", "2.png" as "2.png.mmvb", etc. Afterward, a ransom-demanding message - "_readme.txt" - was created.