Virus and Spyware Removal Guides, uninstall instructions
What is the go dark browser hijacker?
While inspecting deceptive download sites, our research team found the go dark browser extension. After analyzing this piece of software, we learned that go dark operates as a browser hijacker promoting the getsins.com fake search engine.
What kind of email is "DHL Air Waybill"?
Following our inspection of the "DHL Air Waybill" email, we determined that it is spam intended to infect the recipient's device with malware.
This scam email is disguised as a message from the DHL logistics company regarding a shipment. The file attached to this letter is designed to infect systems with the Agent Tesla RAT (Remote Access Trojan).
What is Pterodo?
Pterodo is a malicious program actively used in geopolitically-motivated cyber attacks against Ukraine. This malware has been linked to the Russian-based espionage group named Shuckworm (also known as Armageddon and Gamaredon). This group has targeted Ukraine almost exclusively since 2014.
Pterodo is classified as a backdoor-type malware; it is designed to inject malicious programs and code into infected machines.
What kind of page is greenconvert[.]net?
Greenconvert[.]net is a website offering to download videos from YouTube and convert them to MP3 files (save videos in audio format). It is worth mentioning that it is not entirely legal to download videos from YouTube. Another issue with the greenconvert[.]net page is that it uses rogue advertising networks.
What kind of malware is L3MON?
L3MON is Android malware with remote administration Trojan (RAT) functionality. It misuses the Accessibility services to steal sensitive information and perform other actions. We discovered L3MON RAT while inspecting a trojanized Sathi Chat app that impersonates the Crazy Talk messaging app.
What kind of malware is AstraLocker 2.0?
AstraLocker 2.0 is a ransomware variant belonging to the Babuk family. We have found it while checking the VirusTotal page for recently submitted malware samples. AstraLocker 2.0 encrypts files and appends ".AstraLocker" or ".Astra" (depending on the variant) extension to filenames. Also, it creates the "Recover_Your_Files.html" file that contains a ransom note.
An example of how AstraLocker 2.0 renames files: it renames "1.jpg" to "1.jpg.Astra" or "1.jpg.AstraLocker", "2.png" to "2.png.Astra" or "2.png.AstraLocker", and so forth.
What is Jhdd ransomware?
Jhdd is a piece of malicious software classified as ransomware that our researchers discovered while looking through new malware submissions on VirusTotal. We determined that Jhdd belongs to the Djvu ransomware family.
After a sample was executed on our test machine, it encrypted files and appended their filenames with a ".jhdd" extension. To elaborate, a file initially titled "1.jpg" appeared as "1.jpg.jhdd", "2.png" as "2.png.jhdd", and so on for all of the affected files. Once this process was completed, a ransom note named "_readme.txt" was created.
What kind of application is AnalyticDeal?
AnalyticDeal is the name of an untrustworthy application designed to feed users with unwanted advertisements. It operates as adware. Our team has discovered AnalyticDeal on a shady website suggesting that some installed software is outdated. It is very common for adware-type apps to be promoted/distributed using dubious techniques.
What kind of malware is Dmay?
Dmay is ransomware - a type of malware that encrypts files. We have discovered it while examining samples submitted to VirusTotal. It was found that Dmay is part of the Djvu ransomware family. In addition to encrypting files, it renames them (appends the ".dmay" extension to filenames), and creates a ransom note (the "_readme.txt" file).
An example of how Dmay ransomware renames files: it changes "1.jpg" to "1.jpg.dmay", "2.png" to "2.png.dmay", "3.exe" to "3.exe.dmay", and so forth.