Virus and Spyware Removal Guides, uninstall instructions
What kind of malware is Vvyu?
Vvyu is ransomware that encrypts files and modifies filenames (appends the ".vvyu" extension to filenames). We found this ransomware while examining malware samples submitted to the VirusTotal page. In addition to encrypting and renaming files, Vvyu drops the "_readme.txt" file, a ransom note. We also found that Vvyu belongs to the Djvu family.
An example of how Vvyu modifies filenames: it renames "1.jpg" to "1.jpg.vvyu", "2.png" to "2.png.vvyu", "3.exe" to "3.exe.vvyu", and so forth.
What kind of application is Diet?
Diet is the name of adware (advertising-supported software) that shows unwanted applications. Our team discovered it after inspecting an ISO file downloaded from a deceptive website. The purpose of Diet is to display unwanted (intrusive) advertisements. This untrustworthy software should be removed from computers.
What kind of page is twithdiffer[.]xyz?
Our research team found the twithdiffer[.]xyz rogue site while looking through various untrustworthy webpages. This page is designed to promote spam browser notifications and redirect visitors to other (likely unreliable or malicious) sites.
Twithdiffer[.]xyz and similar webpages are usually accessed through redirects caused by websites that employ rogue advertising networks.
What kind of pages are the mo*.biz sites?
Mo*.biz is the address (URL) shared by a group of rogue websites, which include mo01[.]biz, mo02[.]biz, mo03[.]biz, mo04[.]biz, mo05[.]biz, mo06[.]biz, mo07[.]biz, and many others. These sites are designed to load deceptive content, promote browser notification spam, and redirect users to different (likely untrustworthy/malicious) webpages.
Most visitors to sites like mo*.biz enter them via redirects caused by pages using rogue advertising networks.
What is Toa ransomware?
Our research team discovered the Toa ransomware during a routine inspection. This malicious program is based on Chaos ransomware.
After we executed a sample of Toa on our testing system, it encrypted data and demanded payment for the decryption. The filenames of the affected files were appended with an extension of four random characters, e.g., "1.jpg" appeared as "1.jpg.u6ae", "2.png" as "2.png.cine", etc. Once this process was finished, Toa dropped a ransom note, "read_it.txt", onto the desktop.
What kind of website is smartcaptcha[.]top?
While analyzing pages that use rogue advertising networks, we encountered smartcaptcha[.]top - another questionable website. We learned that smartcaptcha[.]top displays a deceptive image and message to trick visitors into agreeing to receive notifications. Also, it redirects visitors to various scam websites.
What kind of application is BridgePro?
BridgePro is the name of an application that we discovered on a deceptive web page claiming that the installed version of Adobe Flash Player is out of date. After downloading and testing BridgePro, we found that it is a useless application that shows annoying advertisements. Therefore, we classified BridgePro as adware.
What is RedAlert (N13V) ransomware?
RedAlert (N13V) is a piece of malicious software classified as ransomware, a type of malware designed to encrypt data and demand payment for the decryption. This ransomware is a cross-platform program: the Windows variant is referred to as RedAlert, while the version targeting Linux VMware ESXi servers is called N13V.
When we executed a sample of RedAlert (N13V) on our test machine, it encrypted files and appended their filenames with a ".crypt[number]" extension. For example, a file titled "1.jpg" appeared as "1.jpg.crypt416", etc.
Following the completion of this process, RedAlert (N13V) ransomware created a ransom note named "HOW_TO_RESTORE.txt". The message within this file indicated that this ransomware targets companies rather than home users. Additionally, RedAlert (N13V) uses double extortion tactics.
What kind of malware is Readnet?
Readnet is ransomware that our team discovered while inspecting malware samples submitted to the VirusTotal page. We found that Readnet is part of the MedusaLocker ransomware family. The purpose of ransomware is to encrypt files. Also, Readnet renames files by appending the ".Readnet7" extension to filenames (the number may vary) and drops a ransom note (the "HOW_TO_RECOVER_DATA.html" file).
An example of how Readnet ransomware modifies filenames: it renames "1.jpg" to "1.jpg.Readnet7", "2.png" to "2.png.Readnet7", "3.exe" to "3.exe.Readnet7", and so forth.
What is Correos email scam?
After examining this email, we found that the scammers behind it pretend to be a state-owned company that provides postal service in Spain. The email is written in Spanish. Scammers use it to trick recipients into opening a fake Correos website and providing sensitive information.