Virus and Spyware Removal Guides, uninstall instructions

What is Grt ransomware?

Our researchers discovered the Grt ransomware during a routine inspection of new submissions to VirusTotal. We determined that this malicious program belongs to the Phobos ransomware family.

Once launched on our test system, this program encrypted files and renamed them. The filenames of affected files were appended with a unique ID, the cyber criminals' email address, and the ".grt" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.id[9ECFA84E-3268].[ghost@mm.st].grt".

After the encryption process was completed, ransom notes were created/displayed in a pop-up window ("info.hta") and text file ("info.txt").

What is the "Loyalty Program" scam?

While inspecting rogue webpages, our research team discovered the "Loyalty Program" scam. It makes false claims about users having a chance of winning a prize by completing a survey. It must be emphasized that the promised gift is fake, and any legitimate entities mentioned in this scam are in no way associated with it. Schemes of this kind typically operate as phishing scams or attempt to trick victims into paying fake fees.

What is Broom Cleaner?

While inspecting dubious download webpages, our researchers found the Broom Cleaner application. It is promoted as a tool for improving system performance by removing junk content and protecting user privacy.

The deceptive installer of Broom Cleaner installed its activated version onto our test machine. Despite being activated (thus fully operational), Broom Cleaner did not work as advertised. Due to this and the questionable methods used to promote it, this app is classified as a PUA (Potentially Unwanted Application).

Note that PUAs often have harmful functionalities and/or are bundled (packed together) with dangerous software.

What kind of program is I-Record?

Judging by the app's interface, I-Record is supposed to record the screen using the selected video format. Our team has discovered I-Record after completing an installation of a software bundle downloaded from a shady web page. It is highly advisable not to install apps included in deceptive installers.

What kind of page is robustwebsecurity[.]com?

While looking through untrustworthy websites, our research team found the robustwebsecurity[.]com rogue page. It operates by promoting scams, pushing browser notification spam, and redirecting visitors to other (likely unreliable/dangerous) sites.

Webpages like robustwebsecurity[.]com are typically accessed through redirects caused by sites using rogue advertising networks.

What is Ads Skipping Over?

Ads Skipping Over is a rogue browser extension that our researchers found while inspecting deceptive software-promoting websites. This extension is endorsed as a Youtube advertisement ad-blocker/ad-skipper. However, after analyzing Ads Skipping Over, we determined that it operates as advertising-supported software (adware) instead.

What kind of malware is Magnus?

Magnus is ransomware that our team has discovered while examining malware samples submitted to the VirusTotal page. We found that Magnus encrypts files, appends four random characters to filenames (its extension), changes the desktop wallpaper, and creates the "READMEEEEEE!!!!.txt" file containing a ransom note.

An example of how Magnus modifies filenames: it renames "1.jpg" to "1.jpg.46f2", "2.png" to "2.png.r49r", and so forth.

What kind of application is FrequencyPlatform?

While inspecting deceptive websites offering to update the Adobe Flash Player, our team discovered an application named FrequencyPlatform. During the analysis, we found that FrequencyPlatform generates unwanted advertisements. Thus, it has been concluded that FrequencyPlatform is adware.

What kind of malware is Info?

Info is the name of ransomware belonging to the Dharma ransomware family. Our team has discovered it while inspecting malware samples submitted to VirusTotal. Info encrypts data, appends the victim's ID, infobase@onionmail.com email address, and ".info" extension to filenames, and generates two files ("FILES ENCRYPTED.txt" and "Info.hta") containing ransom notes.

An example of how Info ransomware renames files: it changes "1.jpg" to "1.jpg.id-9ECFA84E.[infobase@onionmail.com].info", "2.png" to "2.png.id-9ECFA84E.[infobase@onionmail.com].info", and so forth.

What kind of page is redstringline[.]com?

Redstringline[.]com is a rogue webpage that our research team discovered during a routine inspection of unreliable websites. This page promotes spam browser notifications and redirects visitors to different (likely untrustworthy/malicious) sites.

Redstringline[.]com and similar webpages are usually accessed via others that use rogue advertising networks.