Virus and Spyware Removal Guides, uninstall instructions

What kind of page is captcha4greatpeaple[.]top?

Captcha4greatpeaple[.]top is designed to trick visitors into allowing it to show notifications (into clicking the "Allow" button displayed by a browser). Our team discovered this page while examining torrent sites, illegal movie streaming sites, and other pages that use shady advertising networks.

What is the "Zoho Email Phishing Scam"?

"Zoho Email Phishing Scam" refers to spam emails that operate as phishing scams - under the guise of messages from the Zoho Corporation. It must be emphasized that such emails are in no way associated with the actual Zoho technology company.

Our researchers have found multiple instances of scam letters that use this company's name to promote practically identical phishing websites. These spam campaigns aim to trick recipients into disclosing their email account log-in credentials through said sites.

What kind of website is deretikijob[.]xyz?

After analyzing the deretikijob[.]xyz site, we found that it displays deceptive a message to trick visitors into agreeing to receive notifications. Also, it redirects to other websites. We discovered deretikijob[.]xyz while examining websites that use rogue advertising networks (such as torrent sites, illegal streaming pages, etc.).

What kind of scam is "Enter Your Best Valid Email to Confirm That You're Not a Robot"?

Our team has discovered this scam website during the analysis of websites that use rogue advertising networks (that display shady ads and redirect visitors to other pages). We found that scammers behind this page attempt to trick visitors into providing their email addresses.

What is Kashima ransomware?

Kashima is a piece of malicious software categorized as ransomware. Our research team discovered it during a routine inspection of new submissions to VirusTotal.

Typically, ransomware operates by encrypting files for the purpose of making ransom demands for their decryption. However, after analyzing Kashima, we determined that it targets specific file formats while bypassing those more commonly targeted by such malware. Additionally, this malicious program does not make clear ransom demands.

Once a sample was launched on our test system, this ransomware encrypted the following formats - .cfg, .config, .js, .NOOB, .lua, .lw, and .tryme. It also appended their filenames with the ".KASHIMA" extension. For example, a file originally titled "1.cfg" appeared as "1.cfg.KASHIMA", and so on for all of the compromised files. Afterward, a message was displayed in a pop-up window.

What kind of application is AdzShield?

Our team has discovered the AdzShield application while auditing shady websites that display pop-ups to promote it. After testing the app, we learned that it operates as adware - it generates intrusive advertisements. Pretty often, adware developers conceal the fact that their software generates ads.

What is PointAnalytics?

PointAnalytics is a rogue app that was reported by a user on a support forum. After analyzing this piece of software, our researchers determined that it operates as adware. Additionally, we learned that PointAnalytics belongs to the AdLoad malware family.

What kind of malware is pEaKyBlNdEr?

pEaKyBlNdEr is ransomware that belongs to the Xorist family. We have discovered it while checking the VirusTotal site for recently submitted malware samples. After analyzing pEaKyBlNdEr, we learned that it encrypts files and appends ".pEaKyBlNdEr" extension to filenames. It provides ransom notes in the "HOW TO DECRYPT FILES.txt" file and pop-up window.

An example of how pEaKyBlNdEr ransomware modifies filenames: it renames "1.jpg" to "1.jpg.pEaKyBlNdEr", "2.png" to "2.png.pEaKyBlNdEr", and so on.

What kind of malware is GootLoader?

We have discovered GootLoader malware while examining legitimate but compromised websites (mainly websites managed using WordPress). It was found that GootLoader is used to infect computers with additional malware. Cybercriminals using GootLoader seek to trick users into unknowingly downloading and executing the malware by disguising it as a document or other file.

What kind of malware is Xioxian?

We have discovered the Xioxian while analyzing malware samples submitted to the VirusTotal page. It was found that Xioxian is ransomware. It encrypts files, appends the ".xioxian" extension to filenames, and generates a ransom note (the "#Congratulations#.txt" file).

An example of how Xioxian modifies filenames: it renames "1.jpg" to "1.jpg.xioxian", "2.png" to "2.png.xioxian", and so forth.