Virus and Spyware Removal Guides, uninstall instructions

What is EAF ransomware?

During a routine inspection of new malware submissions to VirusTotal, our research team discovered the EAF ransomware.

After we launched a sample of EAF on our test system, we learned that it encrypts files and changes their filenames. File titles were prepended with the cyber criminals' email address and the victim's ID, and they were appended with the ".EAF" extension. For example, a file initially named "1.jpg" appeared as "[encoderdecryption@yandex.ru][9ECFA84E]1.jpg.EAF".

Once the encryption process was finished, this ransomware dropped a ransom-demanding message - "#FILES-ENCRYPTED.txt" onto the desktop.

What kind of application is DevelopEfficient?

DevelopEfficient is an application that our team has discovered while examining deceptive web pages. We have tested this app and found that it displays annoying advertisements. Software of this type is called adware. Typically, users install software of this type unintentionally.

What kind of page is bhrnkw[.]com?

Bhrnkw[.]com is a rogue webpage that our research team found while inspecting dubious sites. It operates by promoting spam browser notifications and redirecting visitors to other (likely untrustworthy/malicious) websites. Most users enter pages like bhrnkw[.]com via redirects caused by websites using rogue advertising networks.

What is DigitalPaper?

Our researchers found the DigitalPaper application during a routine inspection of new submissions to VirusTotal. Our analysis of this app revealed that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family.

What is the To go web browser hijacker?

To go web is a rogue browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker. To go web modifies browser settings to promote the togosearching.com fake search engine. Additionally, this browser hijacker spies on users' browsing activity.

What kind of page is safemacpc[.]xyz?

Safemacpc[.]xyz displays deceptive content (runs the "McAfee - Your PC is infected with 5 viruses!" scam) and asks for permission to show notifications. It uses a scare tactic to promote legitimate software. It is operated by affiliates who aim to collect illegitimate commissions.

Our team has discovered safemacpc[.]xyz while inspecting websites that use rogue advertising networks.

What kind of software is MajorSector?

While examining various shady/deceptive web pages, our team discovered an application called MajorSector. After installing and analyzing this app, they found that it generates advertisements. They also noticed that it can access sensitive information. Our malware researchers have classified MajorSector as adware.

What is BlackToxic ransomware?

While inspecting new submissions to VirusTotal, our research team discovered yet another malicious program based on Chaos ransomware. This ransomware-type program is called BlackToxic. We obtained a sample of it from VirusTotal and ran it in our test system.

BlackToxic encrypted files and appended their filenames with the ".KsiRu0w2" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.KsiRu0w2", "2.png" as "2.png.KsiRu0w2", etc.

Once this process was completed, this ransomware changed the desktop wallpaper and created a ransom note named "read_it.txt". After we inspected this message, we noted that it lacks critical information.

What kind of malware is BlueShtorm?

BlueShtorm is an information-stealing malware discovered by 3xp0rt. It is not known at this time what information this malware collects. Usually, information stealers target data that could be misused to steal money and (or) identities, hijack personal accounts, make fraudulent purchases, or blackmail victims.

What is the "Congratulations You just received TetherUSDT" scam?

While inspecting deceptive sites, our researchers discovered the "Congratulations You just received TetherUSDT" scam. It is yet another phishing scam targeting cryptocurrency wallet credentials.