Virus and Spyware Removal Guides, uninstall instructions

What is Ynzwj ransomware?

During a routine inspection of new malware submissions to VirusTotal, our research team found the Ynzwj ransomware. This program operates by encrypting data (rendering it inaccessible) and demanding payment for the decryption (access recovery).

On our test machine, this ransomware appended the filenames of encrypted files with a ransom character string and the ".ynzwj" extension. To elaborate, a file originally titled "1.jpg" appeared as "1.jpg.XvaMZZQ_pjSeWxoryTr9GQtAcsDJsdhkcHZMf9gYIGj_PgAAAD4AAAA0.ynzwj", and so forth.

Once the encryption was completed, a ransom-demanding message - "D3ff_HOW_TO_DECRYPT.txt" - was dropped onto the desktop. The text in this note suggests that Ynzwj likely targets companies rather than home users.

What is StreamUltraSearch?

After analyzing StreamUltraSearch, we determined that it operates as a browser hijacker. This piece of software modifies browser settings to promote the streamultrasearch.com fake search engine.

What is TechPartition?

TechPartition is a rogue app our research team found while checking out new submissions to VirusTotal. When we installed this piece of software onto our test machine, we learned that it operates as adware. Additionally, we determined that TechPartition belongs to the AdLoad malware family.

What kind of page is notificationstech[.]com?

Notificationstech[.]com is an untrustworthy website designed to trick visitors into allowing it to show notifications. Our team has discovered it while inspecting other sites that use rogue advertising networks (various illegal streaming, torrent sites, and so on). Another problem with notificationstech[.]com is that it can open other similar pages.

What is Dodohacked ransomware?

Dodohacked is the name of a ransomware-type program our research team discovered during a routine inspection of new submissions to VirusTotal. This type of malware is designed to encrypt data and demand ransoms for the decryption.

When we launched Dodohacked's sample on our test system, it encrypted files and appended their filenames with the ".dodohacked" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.dodohacked", "2.jpg" as "2.jpg.dodohacked", "3.jpg" as "3.jpg.dodohacked", etc.

Once this process was completed, an identical ransom-demanding message was created in a text file named "READITT.txt" and on the new desktop wallpaper.

What kind of application is Tail Box?

Our team has discovered the Tail Box application after downloading an app from a shady website. We have examined the app and found that it hijacks a web browser to promote the tailsearch.com address, a fake search engine. Browser hijackers and fake search engines cannot be trusted.

What is pick dark?

Our researchers discovered the pick dark browser extension during a routine inspection of deceptive download pages. This piece of software promises to enable dark mode for simple design websites. However, we determined that pick dark operates as a browser hijacker and promotes the getsins.com fake search engine.

What kind of malware is T1000?

T1000 is ransomware that our team has discovered during the analysis of malware samples submitted to VirusTotal. The purpose of ransomware is to encrypt files and demand a ransom. We found that T1000 renames encrypted files by appending the ".T1000" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.T1000", "2.jpg" to "2.jpg.T1000". It also creates the "HOW_TO_DECRYPT.TXT" file containing a ransom note.

What is Get Icons?

Get Icons is a browser extension that supposedly allows users to download various icons. Our research team discovered this piece of software while inspecting deceptive download webpages. After analyzing Get Icons, we determined that it operates as advertising-supported software (adware).

What kind of software is ViewFont?

Our team discovered the application named ViewFont while checking VirusTotal for recently submitted samples. We found that the purpose of this app is to generate advertisements. ViewFont is an adware-type app that bombards users with unwanted/annoying advertisements. Usually, adware is promoted and distributed using deceptive methods.