Virus and Spyware Removal Guides, uninstall instructions

What kind of application is Scroll to Top?

Scroll to Top is described as an application allowing users to quickly get back to the top (or bottom) of the page. We have tested this app and learned that it is an advertising-supported browser extension - it generates advertisements. We also found that Scroll to Top is promoted using a deceptive website.

What kind of page is zoutubephaid[.]com?

Zoutubephaid[.]com is a rogue webpage designed to push browser notification spam and redirect visitors to different (likely unreliable/malicious) websites.

Our researchers discovered this page while inspecting websites that use rogue advertising networks. Redirects caused by such sites are how most users enter zoutubephaid[.]com and similar pages. However, mistyping a URL, clicking on an intrusive advertisement or a spam notification - can also result in entry to a rogue website. Adware may also force-open these webpages.

What kind of email is "Due To Recent Upgrade Or Error"?

Our analysis of the "Due To Recent Upgrade Or Error" email uncovered that it is spam use for phishing purposes. This letter baits recipients into disclosing their email account log-in credentials by claiming that the password will expire soon. When users press either of the links in the email, they are redirected to a phishing website that mimics the supposedly endangered account's site.

What kind of malware is SiMay?

SiMay is the name of malware designed to allow an attacker to remotely control/access an infected computer. This type of malware is called a Remote Administration Trojan (RAT). RATs are used to steal information or files, distribute malware, and for other purposes. We have discovered SiMay while examining malware samples submitted to VirusTotal.

What is Unlocker ransomware?

Unlocker is a ransomware-type program. After being launched on our test machine, this ransomware encrypted files and appended their filenames with ".[unlocker@onionmail.org].[victim's_ID].lock", consisting of the attackers' email address, a unique ID assigned to the victim, and the ".lock" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.[unlocker@onionmail.org].[ADGW9].lock".

Once this process was completed, a ransom note - "README_WARNING.TXT" - was created.

What kind of malwre is Bomber?

Bomber is ransomware variant that belongs to the Amnesia ransomware family. We have discovered Bomber ransomware while checking VirusTotal for recently submitted malware samples. This variant encrypts files and modifies filenames by replacing their names with a string of random characters and appending the ".bomber" to them.

Also, Bomber creates a ransom note (the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file). An example of how this ransomware renames files: it replaces "1.jpg" with "76VqRuusf1YPhpNNAcCqNwVi79RqkUKW4TEwk58b2+MMf9+p.bomber", "2.png" with "HGgTZOJvQ6PvljFoPtIAcr9oi6kgvbnml4fhjkdl4+Lpo6+j.bomber", and so forth.

What kind of application is BrowserDisplay?

Our team has tested the BrowserDisplay application and found that it operates as adware - it generates intrusive advertisements. We have discovered this application while examining various shady websites. Typically, apps like BrowserDisplay are promoted and distributed using deceptive methods.

What kind of page is noobilubi[.]com?

Noobilubi[.]com displays deceptive content to trick visitors into allowing it to show notifications and redirects them to other pages designed to do the same. Typically, these pages do not get visited on purpose. Our team has discovered noobilubi[.]com during periodical research on other shady websites that use rogue advertising networks.

What is hipnoticrec[.]biz?

The purpose of hipnoticrec[.]biz is to trick visitors into agreeing to receive notifications and redirect them to shady websites. We have discovered hipnoticrec[.]biz while examining web pages that use rogue advertising networks. It cannot be trusted or should be allowed to deliver notifications.

What kind of page is express-new[.]com?

Our research team found the express-new[.]com rogue webpage during a routine inspection of untrustworthy sites. It is designed to lure visitors into allowing it to deliver browser notification spam. Express-new[.]com is also capable of redirecting users to other (likely unreliable/malicious) websites. Most visitors to such webpages access them via others that employ rogue advertising networks.