Virus and Spyware Removal Guides, uninstall instructions
What is Warlocks ransomware?
While inspecting new submissions to VirusTotal, our research team found yet another ransomware-type program based on Chaos ransomware.
This malicious program is called Warlocks. We launched a sample of it on our test system, where it encrypted files and appended a ".warlocks" extension to their filenames. For example, a file initially named "1.jpg" appeared as "1.jpg.warlocks", "2.png" as "2.png.warlocks", etc.
Once the encryption process was completed, a ransom-demanding message titled "read_it.txt" was dropped onto the desktop.
What kind of page is videoplay-on[.]com?
While inspecting dubious websites, our researchers discovered the videoplay-on[.]com rogue webpage. It promotes spam browser notifications and redirects users to other (likely untrustworthy and malicious) sites. Most users enter websites of this type through redirects caused by pages using rogue advertising networks.
What kind of application is MinimalLight?
Our team discovered the MinimalLight application on a deceptive website claiming that it might be required to add this app to a web browser. After examination, we found that MinimalLight generates advertisements (it functions as adware). It is described as an app providing a dark mode for simple pages.
What is the Pick Tail browser extension?
Pick Tail is a rogue browser extension that we discovered while inspecting dubious download webpages. After analyzing this piece of software, we determined that it operates as a browser hijacker. Pick Tail alters browser settings to promote the tailsearch.com fake search engine. Additionally, this extension collects browsing-related data.
What kind of malware is Coper?
Coper is the name of an Android banking Trojan. Our malware researchers discovered that Coper is linked to another Android malware called ExoBotCompat (a reformed version of Exobot). It targets various banking apps. We found that Coper impersonates various banking and utility apps (it uses them as droppers).
What is Lloo ransomware?
Lloo is the name of a malicious program within the ransomware classification, which our researchers discovered while inspecting new malware submissions to VirusTotal. Lloo is yet another program belonging to the Djvu ransomware family.
After executing a sample of Lloo on our test machine, we learned that it encrypts files and modifies their filenames. A ".lloo" extension was appended to the names of the encrypted files, e.g., a file named "1.jpg" appeared as "1.jpg.lloo", "2.png" as "2.png.lloo", etc. Once this process was finished, a ransom note named "_readme.txt" was created.
What kind of scam is "Message Failure Receiving Notice"?
After inspecting this email, we found that it is a phishing email containing a link that opens a deceptive website asking for login credentials. The email is disguised as a letter from an email service provider. It states that incoming messages have been suspended.
What is Llee ransomware?
During a routine inspection of new submissions to VirusTotal, our research team discovered the Llee ransomware-type program. We determined that Llee is part of the Djvu ransomware family.
Once we launched a sample of Llee on our test machine, it encrypted files and appended a ".llee" extension to their filenames. For example, a file originally titled "1.jpg" appeared as "1.jpg.llee", "2.png" as "2.png.llee", etc. Afterward, a ransom-demanding message named "_readme.txt" was created.
What kind of malware is Lltt?
Lltt is ransomware that belongs to the Djvu ransomware family. We discovered it while analyzing malware samples submitted to the VirusTotal site. Lltt encrypts files and appends the ".lltt" extension to their filenames. It also creates a ransom note (the "_readme.txt" file).
An example of how Lltt modifies filenames: it renames "1.jpg" to "1.jpg.lltt", "2.png" to "2.png.lltt", "3.exe" to "3.exe.lltt", and so forth.
What kind of malware is Edw?
Edw is ransomware that encrypts files and appends the victim's ID, the edward22w@aol.com email address, and the ".edw" extension to their filenames. It also generates two ransom notes: it displays a pop-up window and creates a text file named "FILES ENCRYPTED.txt". We found that Edw belongs to a ransomware family called Dharma.
Our malware researchers discovered Edw ransomware while examining malware samples submitted to VirusTotal. An example of how Edw renames files: it renames "1.jpg" to "1.jpg.id-9ECFA84E.[edward22w@aol.com].edw", "2.png" to "2.png.id-9ECFA84E.[edward22w@aol.com].edw", and so forth.