Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Jjll?

Jjll is ransomware that belongs to the Djvu family. It encrypts files and modifies their filenames (it appends the ".jjll" extension to filenames) and drops the "_readme.txt" file/a ransom note. An example of how Jjll modifies filenames: it renames "1.jpg" to "1.jpg.jjll", "2.png" to "2.png.jjll", "3.exe" to "3.exe.jjll", and so forth.

What is "Make It Dark"?

Make It Dark is a rogue browser extension that we discovered while inspecting questionable download webpages. This piece of software is promoted as a tool capable of enabling dark mode for browsers. However, our analysis revealed that Make It Dark operates as adware instead.

What kind of page is findallmoneysurvey[.]top?

Findallmoneysurvey[.]top is a rogue webpage that we discovered while inspecting dubious sites. It is designed to load deceptive content, promote browser notification spam, and redirect visitors to different (likely untrustworthy/malicious) websites.

Users mostly enter findallmoneysurvey[.]top and pages akin to it - through redirects caused by sites that use rogue advertising networks.

What kind of application is what color?

The what color adware is the name of a browser extension that our team has discovered on a deceptive page instructing to add this extension/application to complete some process. After testing the app, we found that it is adware - it displays annoying/intrusive advertisements. Thus, it is advisable not to have what color app added to a browser.

What kind of page is omouswomani[.]xyz?

After examining the omouswomani[.]xyz page, we concluded that it is a deceptive website designed to trick visitors into agreeing to receive notifications. Our team has discovered omouswomani[.]xyz while inspecting other websites that use rogue advertising networks. It is very uncommon for pages like omouswomani[.]xyz to be opened/visited intentionally.

What is Avoiding Ads?

While inspecting dubious download webpages, our researchers discovered one promoting the Avoiding Ads browser extension. It is endorsed as an ad-blocking tool (adblocker) for YouTube. After analyzing this piece of software, we learned that it operates as adware (i.e., delivers advertisements).

What kind of page is cleaningupdate[.]xyz?

While inspecting unreliable websites, our researchers discovered the cleaningupdate[.]xyz rogue page. It promotes scams (at the time of research - "Your Windows 10 is infected with viruses"), pushes browser notification spam, and redirects visitors to other (likely dubious/malicious) sites.

Users typically access cleaningupdate[.]xyz and similar webpages through redirects caused by sites using rogue advertising networks.

What kind of application is Helperate?

Helperate is the name of an application we discovered while inspecting a shady website offering to install a browser extension. Our team has tested Helperate and learned that it functions as adware. This application displays intrusive advertisements. It is strongly recommended not to have it on a web browser.

What is Yalohol ransomware?

Our research team found the Yalohol ransomware-type program during a routine inspection of new malware submissions to VirusTotal. We also learned that this program is part of the Spora ransomware family.

Once we executed a sample of Yalohol on our test system, it encrypted files and changed their filenames. The file titles were appended with a unique ID assigned to the victims, the attackers' email address, and an extension consisting of four random characters. For example, a file named "1.jpg" appeared as "1.jpg1.jpg[ID=Df6M3F-Mail=yalohol9@gmail.com].0MFD".

After the encryption process was completed, Yalohol ransomware created two messages - "ReadMe_Now!.hta" and "Read_Me!_.txt", the latter contained a detailed ransom note.

What kind of malware is Again?

Our malware researchers have discovered a new ransomware called Again while examining malware samples submitted to the VirusTotal website. It was found that Again is part of the Babuk ransomware family. The purpose of this malware is to encrypt files.

Also, Again renames encrypted files (appends the ".again" extension to filenames) and drops a ransom note (the "How To Restore Your Files.txt" file). An example of how Again renames files: it changes "1.jpg" to "1.jpg.again", "2.png" to "2.png.again", "3.exe" to "3.exe.again", and so forth.