Virus and Spyware Removal Guides, uninstall instructions

What is StandartSync?

Our researchers discovered the StandartSync rogue application during a routine inspection of new submissions to VirusTotal. Our analysis of this app revealed that it operates as advertising-supported software (adware) belonging to the AdLoad malware family.

What kind of application is Dark Surfing?

Dark Surfing application is described as an app allowing users to switch their browser to dark mode. However, after testing the app, we found that it generates advertisements. Thus, our team has classified Dark Surfing as adware. Typically, users do not add (or install) adware on purpose - they cause it inadvertently.

What kind of malware is Jjyy?

Jjyy is ransomware belonging to the Djvu family. Our team has discovered this ransomware while checking the VirusTotal site for recently submitted malware samples. We found that Jjyy encrypts files and appends ".jjyy" as their new extension. Also, it drops the "_readme.txt" file that contains a ransom note.

An example of how Jjyy modifies filenames: it changes "1.jpg" to "1.jpg.jjyy", "2.png" to "2.png.jjyy", "3.exe" to "3.exe.jjyy", and so forth.

What kind of malware is Jjww?

Jjww is ransomware - malware that encrypts files. Also, it modifies filenames and drops the "_readme.txt" file (a ransom note). We discovered Jjww while examining malware samples submitted to VirusTotal. We also found that Jjww belongs to the Djvu ransomware family.

Jjww renames files by appending the ".jjww" extension. For example, it renames "1.jpg" to "1.jpg.jjww", "2.png" to "2.png.jjww", "3.exe" to "3.exe.jjww", and so forth.

What kind of page is defensivereaction[.]cfd?

After examining the defensivereaction[.]cfd page, we found that it is an untrustworthy page running a scam similar to "McAfee - Your PC is infected with 5 viruses!". Also, this site wants to show notifications. Our team has discovered defensivereaction[.]cfd while visiting and examining pages that use rogue advertising networks.

What kind of application is Video Skipping Over?

Video Skipping Over is promoted as the best extension for blocking ads on YouTube. After examining this app, we found that it shows ads instead of blocking them. Thus, we classified Video Skipping Over as adware. Our team has discovered this adware on a shady website.

What kind of page is pc-tools-2022[.]xyz?

We discovered the pc-tools-2022[.]xyz site while inspecting other pages that use rogue advertising networks. We found that pc-tools-2022[.]xyz is running the "McAfee - Your PC is infected with 5 viruses!" scam. Also, this page asks for permission to show notifications. Pages like pc-tools-2022[.]xyz are rarely visited intentionally.

What kind of application is ManagerTemplate?

While inspecting various shady/deceptive websites, we discovered an application called ManagerTemplate. After installing and examining ManagerTemplate, we learned that it generates intrusive advertisements. Thus, we classified ManagerTemplate as adware.

What is FartingGiraffeAttacks ransomware?

Our researchers discovered the FartingGiraffeAttacks ransomware while inspecting new submissions to VirusTotal. We also found that this malicious program is part of the MedusaLocker ransomware family.

When we launched a sample of this ransomware on our testing system, it encrypted files and appended their filenames with a ".FartingGiraffeAttacks" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.FartingGiraffeAttacks", "2.png" as "2.png.FartingGiraffeAttacks", etc.

Once this process was completed, FartingGiraffeAttacks dropped its ransom note on the desktop; this file was named "HOW_TO_RECOVER_DATA.html". Based on the message in this file, we can surmise that FartingGiraffeAttacks targets companies rather than home users.

What kind of page is ovenelapodioria[.]com?

While inspecting unreliable websites, our researchers found the ovenelapodioria[.]com rogue page. It is designed to push browser notification spam and redirect visitors to other (likely dubious/malicious) sites. Most users typically access such webpages through redirects caused by sites using rogue advertising networks.