Virus and Spyware Removal Guides, uninstall instructions

What is Filmatory?

Filmatory is a rogue browser extension that our research team discovered while inspecting untrustworthy download webpages. This extension promises to allow quick access to movie-related online content. After analyzing Filmatory, we learned that it operates as advertising-supported software (adware).

What kind of scam is "Your Netflix Subscription Suspended Within 2 Days"?

After analyzing this email, we have concluded that it is a phishing email disguised as a letter regarding a Netflix subscription. Scammers behind this email attempt to trick recipients into opening a deceptive page (a fake Netflix website) and providing login credentials on it. This email must be ignored.

What is SkipTheAdz?

While inspecting dubious software promoting websites, our research team discovered the SkipTheAdz browser extension. This piece of software promises to skip advertisements automatically (e.g., YouTube ads). However, SkipTheAdz displays adverts instead (operates as adware). Furthermore, this browser extension has data tracking abilities.

What kind of application is Can I locate it?

Can I locate it is a browser extension described as a tool for locating active websites. We have discovered this app while examining deceptive pages. After downloading and adding the Can I locate it application, we found that it displays unwanted advertisements. Thus, we categorized this app as adware.

What kind of page is browser-under-protection[.]com?

Our researchers discovered the browser-under-protection[.]com rogue website during a routine inspection of untrustworthy pages. It is designed to promote scams, push browser notification spam, and redirect to other (likely dubious/malicious) sites.

These webpages are typically accessed via redirects caused by sites using rogue advertising networks.

What kind of application is Rapid Files Download?

Rapid Files Download is an application described as a tool allowing users to keep track of downloads and quickly access and manage them and create new downloads. Our team has discovered this app on a deceptive page that suggests that it may be required to add it to a browser. After downloading and adding it, we found that it functions as adware.

What kind of malware is Z61yt?

Z61yt is ransomware that belongs to the Hive ransomware family. Our team discovered Z61yt while examining malware samples submitted to the VirusTotal page. This ransomware encrypts files and appends a string of random characters and the ".z61yt" extension to filenames. Also, Z61yt creates the "1uZ5_HOW_TO_DECRYPT.txt" file with a ransom note in it.

An example of how Z61yt renames files: it renames "1.jpg" to "1.jpg.uciIWUOQ8gVSwncWRdG-4HvIGemehd3wf6t7Z_tY8oj_NAAAADQAAAA0.z61yt", "2.png" to "2.png.uciIWUOQ8gVSwncWRdG-4HvIGemehd3wf6t7Z_tY8oj_NAAAADQAAAA0.z61yt", and so forth.

What is KEEP CALM AND RECOVER YOUR FILES ransomware?

Discovered by the MalwareHunterTeam, KEEP CALM AND RECOVER YOUR FILES is a ransomware-type program. It is also a variant of the Chaos ransomware.

After launching a sample of KEEP CALM AND RECOVER YOUR FILES on our test system, we learned that it encrypts files and appends their filenames with an extension consisting of four random characters. For example, a file originally titled "1.jpg" appeared as "1.jpg.masz", "2.png" as "2.png.waeq", etc.

Once this process was completed, the ransomware changed the desktop wallpaper and created a ransom-demanding message named "read_it to decrypt.txt".

What is MemoryFunction?

MemoryFunction is a rogue app that we found while inspecting new submissions to VirusTotal. Our analysis of the application revealed that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family.

What kind of malware is BianLian?

BianLian is the name of a banking Trojan targeting Android users. We have discovered this piece of malware while examining malware droppers (fake apps) uploaded to the Google Play store. BianLian performs overlay attacks to steal login credentials for banking applications and has additional capabilities.