Virus and Spyware Removal Guides, uninstall instructions

What is Lizard Squad ransomware?

While inspecting new malware submissions on VirusTotal, our researchers discovered the Lizard Squad ransomware-type program.

After we executed a sample of this ransomware on our test system, it encrypted files and modified their titles. The filenames were appended with extensions consisting of four random characters, e.g., a file originally named "1.jpg" appeared as "1.jpg.kfk8", "2.png" as "2.png.v5nl", and so on.

Once the encryption process was finished, Lizard Squad created a ransom note titled "說明it.txt", which contained a message in Chinese and English. Furthermore, this ransomware changed the desktop wallpaper.

What is BytesShow?

BytesShow is a piece of rogue software that our researchers discovered while inspecting new submissions to VirusTotal. After running this app on our test system, we learned that BytesShow operates as advertising-supported software (adware) and belongs to the AdLoad malware family.

What kind of application is WiseInternational?

While analyzing websites encouraging to update "outdated" software (distributing fake installers), we discovered an application called WiseInternational. We found that this is an advertising-supported app. In other words, WiseInternational is designed to generate intrusive advertisements.

What kind of malware is Hheo?

While inspecting malware samples submitted to the VirusTotal website, our team discovered ransomware called Hheo. It is malware that encrypts the victim's files, appends its extension (".hheo") to the filenames of all encrypted files, and drops a ransom note (creates the "_readme.txt" file). We also found that Hheo belongs to the Djvu ransomware family.

An example of how Hheo modifies filenames: it changes "1.jpg" to "1.jpg.hheo", "2.png" to "2.png.hheo", "3.exe" to "3.exe.hheo", and so forth.

What kind of malware is ReadSRead?

While checking the VirusTotal page for recently submitted malware samples, our researchers discovered ReadSRead - ransomware that encrypts files. We found that ReadSRead is part of the MedusaLocker ransomware family. It not only encrypts files but also appends the ".ReadSRead" extension to filenames and drops a ransom note (the "HOW_TO_RECOVER_DATA.html" file).

An example of how ReadSRead modifies filenames: it renames "1.jpg" to "1.jpg.ReadSRead", "2.png" to "2.png.ReadSRead", "3.exe" to to "3.exe.ReadSRead", and so forth.

What kind of application is AllianceSpace?

While inspecting untrustworthy websites offering to update supposedly outdated software, our team discovered the AllianceSpace application. While examining this app, we found that it functions as adware. AllianceSpace feeds users with intrusive advertisements that promote questionable pages.

What is "colors scale"?

Colors scale is the name of a browser extension that promises to allow users to change the color, saturation, contrast, and similar appearance details of visited websites. However, our analysis of this piece of software revealed that it operates as adware instead.

What kind of page is lpnotworld[.]com?

While inspecting dubious sites, our research team discovered lpnotworld[.]com. This rogue webpage is designed to promote browser notification spam and redirect visitors elsewhere (likely untrustworthy/malicious pages). Users primarily access websites like lpnotworld[.]com via redirects caused by webpages using rogue advertising networks.

What kind of page is highpotencysoftware[.]com?

Our researchers found the highpotencysoftware[.]com rogue webpage while inspecting unreliable sites. This page promotes scams, pushes spam browser notifications, and redirects visitors to different (likely untrustworthy/malicious) websites.

Most users enter highpotencysoftware[.]com and similar webpages through redirects caused by sites using rogue advertising networks.

What is U2K ransomware?

While inspecting new submissions to VirusTotal, our researchers discovered the U2K ransomware. We determined that this malicious program is identical to MME ransomware.

After we launched a sample of U2K on our test machine, it encrypted files and altered their names. The filenames were appended with the ".U2K" extension, e.g., a file initially titled "1.jpg" appeared as "1.jpg.U2K", "2.png" as "2.png.U2K", etc. Once this process was completed, a ransom-demanding message - "ReadMe.txt" - was created.