Virus and Spyware Removal Guides, uninstall instructions

What kind of page is di04[.]biz?

We have examined di04[.]biz website and found that it asks for permission to show notifications and redirects to a scam page. It displays deceptive content to trick visitors into agreeing to receive notifications. Di04[.]biz was discovered while inspecting other pages that use rogue advertising networks.

What kind of malware is Titancrypt?

Titancrypt is ransomware that encrypts files (it encrypts only a few file formats) and appends the ".titancrypt" extension to filenames. Also, it creates a text file (a file named "___RECOVER__FILES__.titancrypt.txt") and displays a pop-up window. Both of them contain ransom notes. Titancrypt ransomware was discovered by S!Ri.

An example of how Titancrypt renames files: it changes "1.jpg" to "1.jpg.titancrypt", "2.png" to "2.png.titancrypt", and so forth.

What kind of page is timetocheck[.]xyz?

Timetocheck[.]xyz is a rogue webpage that our research team discovered while inspecting questionable sites. This page is designed to push browser notification spam and redirect visitors to other (likely untrustworthy/malicious) websites. Most users access such webpages through redirects caused by sites using rogue advertising networks.

What kind of page is webdefencerequired[.]com?

While inspecting dubious sites, our research team found the webdefencerequired[.]com rogue website. It operates by promoting deceptive material, pushing browser notification spam, and redirecting visitors to other (likely untrustworthy/malicious) pages.

Visitors to sites like webdefencerequired[.]com usually enter them via others that use rogue advertising networks.

What is the Weather adware?

During a routine inspection of deceptive download sites, we discovered a rogue app called Weather. After analyzing this piece of software, we learned that it operates as adware. Furthermore, we noted that Weather is practically identical to Prime adware.

What kind of malware is Burmilla?

Burmilla is the name of an information-stealing malware. It steals data from certain applications and clients, browsers, and cryptocurrency wallets. Also, it captures screenshots and obtains system information (and information about files stored on the infected computer).

What kind of malware is Anatsa?

Anatsa (also known as TeaBot) is a banking Trojan with remote administration Trojan (RAT) capabilities. It can steal credentials, log keystrokes and capture the screen (obtain anything shown on the victim's screen). We have discovered Anatsa while inspecting apps (droppers) uploaded to Google Play.

What is NetDooka?

Discovered by TrendMicro, NetDooka is a multi-component malware framework distributed through a malicious PPI (Pay-Per-Install) service. Due to the nature of malware PPI services, exactly what malicious components are installed can vary.

The observed infection chains compromised a loader and dropper, with the final payload being the NetDooka RAT (Remote Access Trojan). Some variants included a protection driver, which attempts to prevent malware removal efforts. RATs are malicious programs designed to enable remote/access over infected machines. Hence, these trojans tend to be multifunctional and highly versatile.

What kind of program is Video Ad Remover?

We have discovered Video Ad Remover while examining various untrustworthy websites claiming that it may be necessary to install this app. After downloading and installing Video Ad Remover, we found that it is an advertising-supported application - it bombards users with intrusive advertisements.

What is Odaku ransomware?

Odaku is a ransomware-type program that our researchers discovered while inspecting new submissions to VirusTotal. We determined that this malicious program belongs to the Chaos ransomware family.

Once executed on our test system, Odaku began encrypting files and appended their filenames with an extension consisting of four random characters. For example, a file originally titled "1.jpg" appeared as "1.jpg.dkzk", "2.png" as "2.png.nfhu", and so forth. After the encryption process was completed, Odaku created a ransom note - "read_it.txt" - on the desktop.