Virus and Spyware Removal Guides, uninstall instructions

What is Quick Files Download?

Quick Files Download is a rogue browser extension that we discovered while inspecting untrustworthy download webpages. This piece of software is promoted as a download management tool. However, Quick Files Download actually operates as adware - it displays various advertisements and spies on users' browsing activity.

What is Triclyde ransomware?

While inspecting new submissions to VirusTotal, we found the Triclyde malicious program that is classified as ransomware. We determined that this program is part of the Nominatus ransomware family.

After a sample of Triclyde was launched on our test machine, it began encrypting files. However, unlike most ransomware-type programs, Triclyde did not rename the compromised files. Once the encryption was finished, a pop-up window was displayed.

What is ViewFD?

While inspecting sites offering "cracked" software for download, our researchers discovered the ViewFD malware. This program can force-open a wide variety of unreliable, rogue, scam, and malicious websites. ViewFD may also have other harmful abilities.

What kind of page is defenderlab[.]xyz?

Defenderlab[.]xyz is a deceptive page running the "Your PC is infected with 5 viruses!" scam. Also, it asks for permission to show untrustworthy notifications. Our team has discovered defenderlab[.]xyz while inspecting pages that use rogue advertising networks. Pages like defenderlab[.]xyz are not being visited on purpose.

What is MaliBot?

MaliBot is a banking trojan targeting Android Operating Systems (OSes). As its name implies, this malware primarily seeks to extract information relating to victims' banking and finances.

However, MaliBot is a multifunctional piece of malicious software capable of performing various actions on infected devices, obtaining vulnerable data, bypassing multi-factor/two-factor (MFA/2FA) authentication, and managing/sending SMSes (text messages).

What kind of application is Light Tab?

We have discovered the Light Tab application after inspecting a deceptive website instructing visitors to download and install a recommended application. After examining this app, we found that it hijacks a web browser by changing some of its settings to search.lighttab.me. Light Tab is a browser hijacker that promotes a fake search engine.

What kind of malware is Proxy2Service?

Proxy2Service is the name of a malicious program our team has discovered after inspecting a deceptive installer downloaded from a cracked software distribution page. We found that Proxy2Service forces web browser to open various (potentially malicious) websites. We also learned that Proxy2Service is flagged as malicious by more than thirty security vendors.

What is "Pirated Windows Software detected in this Computer"?

"Pirated Windows Software detected in this Computer" is a tech support scam that our researchers discovered while inspecting untrustworthy websites.

Technical support scams aim to trick users into calling fake helplines and allowing cyber criminals remote access to their devices - by claiming that their systems are infected or at risk. It must be emphasized that no website can detect threats/issues present on a visitor's computer; hence, any that make such claims are scams.

Furthermore, tech scams often include the names/graphics of real products or companies to create the impression of legitimacy; "Pirated Windows Software detected in this Computer" is not an exception. It is disguised as an alert from Windows/Microsoft - however, it is in no way associated with the Microsoft Corporation or their products.

What kind of scam is "DRIDEX..Malware detected - Error Code: DXRW2:#19X80XD"?

It is a technical support scam claiming that a computer is infected. Like most scam sites displaying fake pop-ups, this one uses a scare tactic to trick unsuspecting visitors into performing certain actions. We have discovered this tech support scam while inspecting other pages that use rogue advertising networks.

What kind of malware is LIZARD?

While inspecting malware samples submitted to the VirusTotal page, we discovered LIZARD - ransomware belonging to the Phobos family. It encrypts files and appends the victim's ID, r3wuq@tuta.io email address, and ".LIZARD" extension to filenames. LIZARD also creates "info.hta" (a file that opens a pop-up window) and "info.txt" files containing ransom notes.

An example of how LIZARD modifies filenames: it renames "1.jpg" to "1.jpg.id[9ECFA84E-3351].[r3wuq@tuta.io].LIZARD", "2.png" to "2.png.id[9ECFA84E-3351].[r3wuq@tuta.io].LIZARD", and so forth.