Virus and Spyware Removal Guides, uninstall instructions

What kind of application is Health Adviser?

Health Adviser is advertised as an app for finding meal plans and recipes. It helps users to learn how to cook. We have discovered this app on a deceptive website offering to download a "recommended Chrome extension". After installing and examining the Health Adviser app, we found that it operates as adware - it generates advertisements.

What is Rainbow Blocker?

During a routine inspection of deceptive download pages, our research team discovered the Rainbow Blocker browser extension. This piece of software claims to be an adblocker (online advertisement remover); instead, it operates as adware. After analyzing Rainbow Blocker, we learned that it displays ads and collects private data.

What kind of malware is Xcbg?

Our malware researchers have discovered Xcbg while examining malware samples submitted to VirusTotal. It was found that Xcbg is ransomware designed to encrypt and rename files (append the ".xcbg" extension to filenames) and create the "_readme.txt" file. We also learned that Xcbg belongs to the Djvu ransomware family.

An example of how Xcbg renames files: it renames "1.jpg" to "1.jpg.xcbg", "2.png" to "1.png.xcbg", and so forth. The text file that Xcbg creates contains a ransom note.

What is Kqgs ransomware?

Kqgs is a ransomware-type program that our research team discovered during a routine inspection of new malware submissions to VirusTotal. We determined that Kqgs belongs to the Djvu ransomware family.

After analyzing this malicious program, we learned that it encrypts data and appends the filenames of affected files with a ".kqgs" extension. On our test system a file initially titled "1.jpg" appeared as "1.jpg.kqgs", "2.png" as "2.png.kqgs", etc. After the encryption was completed, a ransom note named "_readme.txt" was created.

What kind of malware is Bpqd?

This malware was discovered by Petrovic. It was found that Bpqd operates as ransomware - it encrypts files. Also, it appends the ".bpqd" extension to filenames (for example, renames "1.jpg" to "1.jpg.bpqd", "2.png" to "2.png.bpqd"), and creates a ransom note ("_readme.txt" file). Bpqd is part of the Djvu ransomware family.

What kind of page is financesurvey[.]site?

Financesurvey[.]site is a deceptive website that displays a fake survey, asks for permission to show notifications, and promotes other websites. Our team has discovered this site while examining illegal movie streaming, torrent, and similar pages. It was concluded that this page cannot be trusted.

What kind of malware is Report?

Our team has discovered a ransomware variant called Report while inspecting the malware samples submitted to VirusTotal. It was found that Report is of the ransomware variants that belong to the Xorist family. Once executed, it encrypts files and appends the ".report" extension to filenames.

Report also displays a pop-up window and creates a text file (its filename is written in Latin-based chatracters). Both of them contain ransom notes. An example of how Report renames files: it replaces "1.jpg" with "1.jpg.report", "2.png" with "2.png.report", and so forth.

What kind of software is SmartProducts?

Our team has discovered the SmartProducts application while analyzing the samples submitted to VirusTotal. After examining the app, it was found that it generates advertisements - SmartProducts is an advertising-supported application. A big part of apps like SmartProducts is promoted and (or) distributed using questionable methods.

What kind of scam is "Your antivirus protection has expired"?

We have discovered this pop-up scam while testing various websites that use rogue advertising networks (display shady ads and redirect visitors to untrustworthy pages). We concluded that the purpose of this pop-up scam is to trick visitors into believing that their computers are infected with malware.

What kind of scam is "Your system has been hacked with a Trojan virus"?

After examining the email, we have concluded that it is one of those scams used to scare recipients into transferring money to scammers. Scammers behind it attempt to trick recipients into believing that their computers are infected. They urge recipients to transfer a specified amount of Bitcoin to avoid further damage.