Virus and Spyware Removal Guides, uninstall instructions

What kind of website is mund35ane-cha11nnel[.]xyz?

Mund35ane-cha11nnel[.]xyz is an untrustworthy website that runs the "McAfee - Your PC is infected with 5 viruses!" scam and asks for permission to show deceptive notifications. We have discovered it while visiting pages (illegal movie streaming sites, pages offering to download videos from YouTube, etc.) that use rogue advertising networks.

What kind of page is youzik[.]app?

While inspecting shady sites, our researchers discovered the youzik[.]app website. It operates as a YouTube converter/downloader, i.e., this site allows users to convert video links from this platform into downloadable audio files (MP3 format).

Not only does this service break copyright laws, but youzik[.]app also employs rogue advertising networks for monetization purposes. These networks are known to promote deceptive and malicious content.

What kind of page is listentoyou[.]tube?

Listentoyou[.]tube is a website offering to download music from YouTube in MP3 format. However, it uses rogue advertising networks - it opens various questionable (potentially malicious) pages. It is worth mentioning that pages using the networks mentioned above can display shady advertisements.

What is CommonOperation?

During a routine inspection of new submissions to VirusTotal, our research team found the CommonOperation application. Following our analysis, we determined that this piece of software operates as adware and belongs to the AdLoad malware family.

What kind of malware is SMSControllo?

SMSControllo is the name of an Android malware targeting residents of Italy. This malware can steal SMS messages (read and send them to a server controlled by the attackers) and share the infected device's screen. It is likely that threat actors use email attachments or SMS to deliver SMSControllo malware.

What is Ygvb ransomware?

Ygvb is a piece of malicious software classified as ransomware. Our researchers found this program while inspecting new submissions to VirusTotal, and determined that it belongs to the Djvu ransomware family.

After being launched onto our test machine, Ygvb encrypted files and appended their filenames with a ".ygvb" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.ygvb", "2.png" as "2.png.ygvb", etc. Once this process was completed, a ransom-demanding message - "_readme.txt" - was created.

What kind of application is CapacityMegabyte?

CapacityMegabyte is the name of an advertising-supported application that our team has discovered on a deceptive website offering to update the Adobe Flash Player. The purpose of this application is to generate intrusive advertisements. In most cases, apps of this type are promoted and distributed using questionable methods.

What kind of website is freeadvhub[.]com?

Freeadvhub[.]com is one of the deceptive pages that use a clickbait technique to get permission to show notifications from visitors. Additionally, it redirects them to other shady pages. Our team has discovered freeadvhub[.]com while visiting sites that use rogue advertising networks (e.g., illegal movie streaming, torrent pages).

What kind of ransomware is Nuhb?

We have discovered a new Djvu ransomware variant called Nuhb. It was found while examining malware samples submitted to VirusTotal. While analyzing Nuhb, we learned that it encrypts files and appends the ".nuhb" extension to filenames. Also, it provides a ransom note - it creates a text file named "_readme.txt".

An example of how Nuhb ransomware renames files: it changes "1.jpg" to "1.jpg.nuhb", "2.exe" to "2.exe.nuhb", "3.png" to "3.png.nuhb".

What kind of malware is Dwqs?

Dwqs encrypts files and appends the ".dwqs" extension to filenames. Also, it creates the "_readme.txt" file (a ransom note). Dwqs is ransomware that belongs to the Djvu family. We have discovered this ransomware variant while inspecting malware samples submitted to the VirusTotal page.

An example of how Dwqs modifies filenames: it renames "1.jpg" to "1.jpg.dwqs", "2.png" to "2.png.dwqs", "3.exe" to "3.exe.dwqs", and so forth.