Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Ooxa?

Ooxa is the name of ransomware we discovered while checking the VirusTotal site for recently submitted malware samples. Our team has found that Ooxa belongs to a ransomware family called Djvu. It is malware that encrypts files, modifies filenames (appends the ".ooxa" extension to them), and drops the "_readme.txt" file (a ransom note).

An example of how Ooxa modifies filenames: it renames "1.jpg" to "1.jpg.ooxa", "2.png" to "2.png.ooxa", "3.exe" to "3.exe.ooxa", and so forth.

What kind of website is ptaimpeerte[.]com?

Ptaimpeerte[.]com is a shady website we discovered while inspecting other pages of this kind (websites that use rogue advertising networks). Ptaimpeerte[.]com displays deceptive content to trick visitors into allowing it to show notifications. Also, it redirects visitors to a similar page.

What is OpenDocument malware?

While checking the VirusTotal page for recently submitted malware samples, our team discovered an OpenDocument malware. OpenDocument is a legitimate file format for Office Applications. Cybercriminals use a malicious OpenDocument file in their campaign to target Latin American hotels. They use it to deliver AsyncRAT - a Remote Access Trojan (RAT).

What kind of page is adsandcomputer[.]com?

Our research team discovered the adsandcomputer[.]com rogue page while inspecting untrustworthy sites. This webpage promotes spam browser notifications and redirects visitors to other (likely unreliable/harmful) websites. Users typically access such pages via redirects caused by sites using rogue advertising networks.

What is NetCreative?

While inspecting new submissions to VirusTotal, our researchers discovered the NetCreative rogue app. After analyzing this piece of software, we determined that it operates as adware and belongs to the AdLoad malware family.

What kind of page is notifinfoback[.]com?

During a routine inspection of untrustworthy websites, our researchers found notifinfoback[.]com - yet another rogue webpage promoting browser notification spam. This site attempts to trick users into allowing it to deliver its notifications. Additionally, notifinfoback[.]com can cause redirects to various (likely unreliable or malicious) websites.

Most users access sites of this type through redirects caused by others that use rogue advertising networks.

What kind of page is extravideo[.]live?

Our researchers discovered the extravideo[.]live rogue page while inspecting questionable websites. This webpage is designed to push browser notification spam and redirect visitors to other (likely untrustworthy/malicious) sites. Most users enter these webpages through redirects caused by pages using rogue advertising networks.

What kind of page is trusted-stream[.]life?

Trusted-stream[.]life is one of the websites designed to trick visitors into allowing them to show notifications. Also, this page redirects visitors to other websites of this type. Typically, users do not open such pages on purpose. We discovered trusted-stream[.]life while visiting and examining sites that use rogue advertising networks.

What kind of scam is "Server Configuration Manager"?

After examining this letter, our team concluded that it is a phishing scam where scammers attempt to extract personal information. It contains a hyperlink designed to open a phishing website. That website asks to provide login credentials. Thus, this email must be ignored.

What is MotionCycle?

MotionCycle is a rogue app that our researchers discovered while inspecting new submissions to VirusTotal. Our analysis of this piece of software revealed that it works as adware and belongs to the AdLoad malware family.