Virus and Spyware Removal Guides, uninstall instructions

What kind of page is computeradz[.]com?

While inspecting dubious websites, our research team discovered the computeradz[.]com rogue webpage. We determined that this site promotes browser notification spam (with the use of fake CAPTCHA) and redirects visitors to other (likely untrustworthy/malicious) websites.

Users typically enter such pages through redirects caused by sites that employ rogue advertising networks.

What kind of page is alcovenin[.]xyz?

We discovered the alcovenin[.]xyz rogue webpage while inspecting untrustworthy sites. It operates by promoting the browser notification spam and redirecting visitors to other (likely unreliable/malicious) websites. Most users typically enter such webpages via redirects caused by sites using rogue advertising networks.

What is Yashma ransomware?

While inspecting online malware-selling hotspots (hacker forums), our research team found the Yashma ransomware. After analyzing it, we learned that it is a new variant of the Chaos ransomware.

Once launched onto our test machine, this malicious program began encrypting files and appended their filenames with an extension consisting of four random characters. For example, a file initially titled "1.jpg" on our test system - appeared as "1.jpg.wung", "2.png" as "2.png.3npe", etc.

Afterward, Yashma changed the desktop wallpaper and created a text file named "read_it.txt"; both the wallpaper and document contained ransom-demanding messages.

What kind of browser extension is "Watch It"?

Watch It is the name of a browser extension that we discovered while inspecting shady download webpages. This piece of software promises to allow users easy access to movies, TV shows, and related content. After analyzing this extension, we determined that it operates as adware.

What is Hhjk ransomware?

During a routine inspection of new submissions to VirusTotal, our research team found the Hhjk ransomware-type program. We determined that this malicious program belongs to the Djvu ransomware family.

After being launched onto our test system, Hhjk encrypted files and changed their filenames by adding the ".hhjk" extension to them. For example, a file initially titled "1.jpg" appeared as "1.jpg.hhjk", "2.png" as "2.png.hhjk", etc. Once this process was completed, a ransom-demanding message - "_readme.txt" - was created.

What is CrossSign?

CrossSign is a rogue application, which our research team found while inspecting new submissions to VirusTotal. Following our analysis of this app, we determined that it operates as advertising-supported software (adware) and that it belongs to the AdLoad malware family.

What is Ttii ransomware?

Ttii is the name of a malicious program classified as ransomware. It is designed to encrypt data and demand ransoms for the decryption. Additionally, Ttii is part of the Djvu ransomware family.

We executed a sample of Ttii (obtained from VirusTotal) onto our test machine and it encrypted files and appended their filenames with a ".ttii" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.ttii", "2.png" as "2.png.ttii", etc. Afterwards, a ransom note - "_readme.txt" - was created.

What is Mmob ransomware?

Mmob is a malicious program classified as ransomware. Malware within this classification is designed to encrypt data and demand payment for the decryption. Mmob is part of the Djvu ransomware family.

We obtained a sample of Mmob from VirusTotal and launched it onto our test machine. This program began encrypting files and appended their filenames with a ".mmob" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.mmob", "2.png" as "2.png.mmob", etc.

Once the encryption process was completed, Mmob ransomware created a ransom note in a text file named "_readme.txt".

What kind of page is allowtocontinue[.]com?

Allowtocontinue[.]com is a page that uses a clickbait technique to get permission to deliver notifications. It also redirects visitors to other websites. Our team has discovered allowtocontinue[.]com while examining other pages that use rogue advertising networks. It is uncommon for pages like alowtocontinue[.]com to be opened intentionally.

What kind of page is cartech[.]space?

Cartech[.]space displays deceptive content to trick visitors into allowing it to show notifications. Also, it redirects to another identical page. Typically, websites like cartech[.]space are promoted via other pages of this kind. We have discovered cartech[.]space while inspecting pages that use rogue advertising networks.