Virus and Spyware Removal Guides, uninstall instructions

What is CRYPTER v2.40 ransomware?

CRYPTER v2.40 is a piece of malicious software classified as ransomware. Programs within this classification are designed to encrypt files and demand payment for the decryption.

After we launched a sample of CRYPTER v2.40 on our test machine, it encrypted files and appended their filenames with a ".crypter" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.crypter", "2.png" as "2.png.crypter", and so on.

Once this process was completed, a pop-up window was displayed. The text presented in this pop-up contained the ransom note.

What kind of malware is Zfdv?

Zfdv is the name of a ransomware variant belonging to the Djvu family. Our team discovered it while checking the VirusTotal page for recently submitted malware samples. We found that Zfdv encrypts files and appends ".zfdv" extension to filenames. It also provides a ransom note (creates the "_readme.txt" file).

An example of how Zfdv renames files: it renames "1.jpg" to "1.jpg.zfdv", "2.png" to "2.png.zfdv", and so forth.

What kind of malware is Ewdf?

While analyzing malware samples submitted to the VirusTotal page, our team discovered a new ransomware variant (belonging to the Djvu family) called Ewdf. We found that Ewdf encrypts files and appends the ".ewdf" extension to filenames. Also, it creates a text file (named "_readme.txt") that contains a ransom note.

An example of how Ewdf modifies filenames: it renames "1.jpg" to "1.jpg.ewdf", "2.png" to "2.png.ewdf", and so forth.

What kind of malware is Uihj?

While examining malware samples submitted to VirusTotal, we discovered a Djvu ransomware variant called Uihj. It encrypts files and modifies their filenames (appends the ".uihj" extension to filenames) and creates a ransom note (creates a text file named the "_readme.txt").

An example of how Uihj modifies filenames: it renames "1.jpg" to "1.jpg.uihj", "2.png" to "2.png.uihj", "3.exe" to "3.exe.uihj", and so forth.

What is InitialSprint?

InitialSprint is a piece of rogue software that our researchers discovered while inspecting new submissions to VirusTotal. Our analysis of this application revealed that it is advertising-supported software (adware) belonging to the AdLoad malware family.

What kind of page is news-neduda[.]com?

While inspecting questionable sites, our research team found the news-neduda[.]com rogue page. It operates by pushing browser notification spam and redirecting visitors to other (likely untrustworthy/malicious) websites. Users typically enter sites of this kind via redirects caused by webpages using rogue advertising networks.

What is Renew Search?

While inspecting untrustworthy download websites, our research team discovered the Renew Search browser extension. It promises to provide additional search options when the results from regular searches prove to be inadequate or when a desired webpage is unavailable. However, our analysis revealed that Renew Search operates as adware instead.

What kind of page is news-lemasu[.]com?

News-lemasu[.]com is a rogue webpage that we discovered while inspecting dubious sites. It is designed to push spam browser notifications and redirect visitors to different (likely untrustworthy/malicious) pages. Most users enter these websites via redirects caused by sites using rogue advertising networks.

What is Craze ransomware?

Our researchers found the Craze ransomware-type program while inspecting new submissions to VirusTotal. After we had executed a sample of Craze on our test system, it began encrypting files.

The filenames of the affected files were appended with an extension consisting of four random characters. For example, a file originally titled "1.jpg" appeared as "1.jpg.buof", "2.png" as "2.png.iyj8", etc. Once this process was completed, a ransom-demanding message - "RESTORE-MY-FILES.TXT" - was created. Additionally, this ransomware changed the desktop wallpaper.

What kind of malware is Bright Black?

Bright Black is ransomware that does not encrypt files. It only renames files by prepending "x" letter to their extensions. For example, it renames "1.jpg" to "1.xjpg", "2.png" to "2.xpng", "3.exe" to "3.xexe", and so forth. Also, Bright Black displays a pop-up window and creates the "ransnote.html" file (a ransom note).