Virus and Spyware Removal Guides, uninstall instructions

What kind of page is aytonus[.]com?

While inspecting untrustworthy sites, our research team found the aytonus[.]com deceptive webpage. This website is designed to load scams and redirect visitors to other (likely unreliable/malicious) pages.

Most users enter webpages like aytonus[.]com via redirects caused by sites using rogue advertising networks, mistyped URLs, spam browser notifications, intrusive advertisements, or installed adware.

What kind of page is news-gocuco[.]cc?

During a routine inspection of untrustworthy websites, our researchers found the news-gocuco[.]cc rogue site. It operates by promoting deceptive content, pushing browser notification spam, and redirecting visitors to different (likely unreliable/malicious) pages. Most users enter them via redirects caused by websites using rogue advertising networks.

What is VistaQuantum?

VistaQuantum is a rogue application that we discovered while inspecting new submissions to VirusTotal. Our analysis of this piece of software revealed that it operates as adware. Additionally, VistaQuantum belongs to the AdLoad malware family.

What is "Your Package Has Been Delivered To Your Preferred Safe Place" email virus?

After analyzing this email, we found that its purpose is to trick recipients into infecting their computers with a remote access Trojan named BitRAT. It is disguised as a letter from Amazon and contains a malicious attachment (a malicious disk image file).

What is WORLD GRASS ransomware?

WORLD GRASS (also known as EarthGrass/EarthGress) is a ransomware-type program that our research team found while inspecting new submissions to VirusTotal.

After launching a sample of this ransomware on our test machine, we learned that it encrypts files and appends their filenames with a ".34r7hGr455" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.34r7hGr455", "2.png" as "2.png1.jpg.34r7hGr455", etc.

Once the encryption was finished, WORLD GRASS created a ransom note titled "Read ME (Decryptor).txt" and changed the desktop wallpaper.

What kind of malware is Saitama?

Saitama is the name of a backdoor malware (written in .Net) that abuses DNS protocol for C2 (Command and Control) communications. It can execute remote commands and drop files. We have discovered this backdoor during the analysis of an email containing a malicious attachment (an Excel document).

What kind of malware is Redem Mikhail?

Our malware researchers have discovered a new ransomware variant called Redem Mikhail during a routine check of malware samples submitted to the VirusTotal page. They found that Redem Mikhail is part of the Spora ransomware family. Once executed, it encrypts files, modifies their filenames, and creates "ReadMe_Now!.hta", and "Read_Me!_.txt" files (ransom notes).

Redem Mikhail renames files by appending the victim's ID, redem.mikhail17662@gmail.com email address, and a randomly generated extension (four characters). For example, it renames "1.jpg" to "1.jpg[ID=zsfmjv-Mail=redem.mikhail17662@gmail.com].IbnL", "2.png" to "2.png[ID=zsfmjv-Mail=redem.mikhail17662@gmail.com].IbnL", and so forth.

What is PDFCreator?

While inspecting new submissions to VirusTotal, our researchers found the PDFCreator application. It has multiple detections as "adware" on VirusTotal.

Although we did not observe any characteristics of such software during analysis (potentially due to some sort of incompatibility between PDFCreator and our test system), this does not exclude the possibility that this app does have advertising-supported software functionalities. It might also be the case that this application has browser-hijacking and/or data-tracking abilities.

What kind of software is VoltageTask?

Our team has discovered the VoltageTask application while inspecting various deceptive web pages. After installing and analyzing this app, we learned that it displays intrusive advertisements. Therefore, we categorized VoltageTask as adware (advertising-supported software).

What kind of page is cauthaushoas[.]com?

While inspecting questionable websites, our research team discovered the cauthaushoas[.]com rogue webpage. It is designed to host dubious content, promote browser notification spam, and redirect visitors to other (likely unreliable/malicious) sites.

Most users enter websites like cauthaushoas[.]com via pages that use rogue advertising networks.