Virus and Spyware Removal Guides, uninstall instructions

What is Blaze ransomware?

Blaze is a piece of malicious software categorized as ransomware. Our researchers found it during a routine inspection of new malware submissions to VirusTotal. We have determined that this program belongs to the Babuk ransomware family.

After being launched onto our test system, Blaze began encrypting files and appending their filenames with the ".blaze" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.blaze", "2.png" as "2.png.blaze", etc. Afterwards, a ransom-demanding message - "How To Decrypt.txt" - was created on the desktop.

What kind of page is funksolutions[.]org?

During a routine inspection of shady websites, our researchers found the funksolutions[.]org page. It operates by pushing browser notification spam and redirecting visitors to other (likely unreliable/malicious) sites. Webpages like funksolutions[.]org are usually accessed via redirects caused by sites using rogue advertising networks.

What kind of page is notadsnow[.]com?

Notadsnow[.]com is yet another browser notification spam promoting webpage that our researchers discovered. This site is designed to trick visitors into enabling its browser notifications, and it can also redirect them to other (likely untrustworthy or malicious) pages.

Most users access websites like notadsnow[.]com via redirects caused by sites using rogue advertising networks.

What kind of website is checkpcsecurity[.]com?

We have discovered the checkpcsecurity[.]com page while examining other sites that use rogue advertising networks. After analyzing checkpcsecurity[.]com, we found that it is virtually to "McAfee - Your PC is infected with 5 viruses!" scam website. Additionally, it asks for permission to show shady notifications.

What kind of malware is Avast?

Our team has discovered a TargetCompany ransomware variant called Avast (named after Avast cybersecurity software company) while examining the samples submitted to VirusTotal. Avast's developers have created a decryption tool for other variants of the TargetCompany ransomware. Cybercriminals behind the Avast ransomware probably chose this name to avenge the Avast company for creating a decryption tool.

We analyzed the Avast ransomware and found that it encrypts files, appends its extension (".avast") to filenames, and drops the "RECOVERY INFORMATION.txt" file containing a ransom note. An example of how this ransomware renames files: it changes "1.jpg" to "1.jpg.avast", "2.png" to "2.png.avast", and so forth.

What kind of app is YourCouponSearch?

Our team has discovered an application called YourCouponSearch while examining shady websites. After installing this app, we noticed that it changed the web browser's settings. It hijacked a web browser to promote yourcouponsearch.com - a fake search engine. Browser hijackers and fake search engines cannot be trusted.

What is ByteDefender ransomware?

Our researchers found the ByteDefender ransomware-type program (not to be confused with the legitimate Bitdefender anti-virus software) while inspecting new malware submissions on VirusTotal. It is designed to encrypt data and make ransom demands for the decryption.

Once launched on our test machine, ByteDefender encrypted files but (unlike most ransomware) did not alter their filenames. After the encryption process was completed, a ransom note was displayed in a pop-up window.

Based on the message, it is clear that ByteDefender is still in development. The variant we analyzed is decryptable; the recovery password is "!dPz49.N" (sans quotation marks). However, it is noteworthy that later variants may use different and unique passwords.

What kind of malware is BlackGuard?

We have discovered an information-stealing malware called BlackGuard while browsing various hacker forums. This piece of malware is written in the C# programming language. Its monthly subscription costs $200. It also can be purchased by making a $700 one-time payment. The purpose of BlackGuard is to extract sensitive information.

What kind of email is "BNP PARIBAS"?

After inspecting this "BNP PARIBAS" email, we determined that it is spam. While it is presented as a message from the BNP Paribas international banking group, this email is fake and in no way associated with said bank.

This spam letter targets Polish-speaking users and attempts to trick them into disclosing sensitive information by claiming that the telephone number they provided to "BNP PARIBAS" requires confirmation.

What is "NAVY FEDERAL CREDIT UNION" email scam?

Our team has examined this email and found that scammers behind it pretend to be representatives of the Navy Federal Credit Union, a legitimate credit union. It was concluded that this is a typical phishing campaign. Scammers behind it have one goal - to trick recipients into clicking the provided website and entering their bank account login credentials.