Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Escobar?

Our malware researchers have found Escobar while inspecting hacker forums. It is a banking Trojan targeting Android users. We learned that at the moment, its developer is offering to purchase a monthly subscription of the Beta version for $3000.

What is Koobn ransomware?

Koobn is a ransomware-type program that our research team sampled from VirusTotal. Malware of this type is designed to render data inaccessible and demand ransoms for the recovery.

Once launched on our test machine, this ransomware encrypted files and appended their filenames with a random character string and the ".koobn" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.eiIZ7Mio4ZN1Jp55iKjeRGir8QNGGVc8oEdwJplOOHf_mwWz_OGsrdM0.koobn".

After the encryption process was completed, Koobn dropped a ransom note - "7CYT_HOW_TO_DECRYPT.txt" - onto the desktop. Based on the message in this file, we can surmise that this ransomware targets companies rather than home users.

What kind of malware is SSJ?

We have discovered SSJ while analyzing the samples submitted to VirusTotal. It was concluded that SSJ is ransomware - malware that encrypts files. Additionally, SSJ appends the ".BUYBITCOIN" extension to filenames (for example, it renames "1.jpg" to "1.jpg.BUYBITCOIN", "2.png" to "2.png.BUYBITCOIN"), and creates the "README SSJ RANSOMWARE.txt" file/a ransom note.

What kind of page is mywebprotector[.]com?

During a routine inspection of untrustworthy websites, our research team found the mywebprotector[.]com page. This site promotes deceptive material, pushes browser notification spam, and redirects visitors to other unreliable and malicious webpages.

While most users enter pages like mywebprotector[.]com via websites that use rogue advertising networks, they can also be accessed through mistyped URLs or redirects caused by intrusive ads, spam notifications, or installed adware.

What kind of application is ReviewVenture?

Our team has discovered an adware-type application named ReviewVenture while inspecting the samples submitted to VirusTotal. Since ReviewVenture is adware, its purpose is to generate advertisements. In most cases, adware gets downloaded and installed inadvertently (it is promoted/distributed using questionable methods).

What is SolveCenter?

While inspecting new submissions on VirusTotal, our researchers discovered the SolveCenter application. After analyzing it, we learned that SolveCenter operates as adware and is part of the AdLoad malware family.

What kind of malware is Vyia?

Our malware researchers have discovered Vyia while checking the samples submitted to VirusTotal. They found that Vyia is ransomware that encrypts files, changes their extension, and creates the "_readme.txt" file.

An example of how Vyia renames files: it changes "1.jpg" to "1.jpg.vyia", "2.png" to "2.png.vyia". The "_readme.txt" file contains a ransom note/provides contact and payment information. We also learned that Vyia belongs to a ransomware family called Djvu.

What kind of website is deeginews[.]com?

Deeginews[.]com displays deceptive content to trick visitors into agreeing to receive notifications and redirects to shady websites. Our team has discovered deeginews[.]com while analyzing other sites that use rogue advertising networks. In most cases, sites like deeginews[.]com get visited unintentionally.

What is D3adCrypt ransomware?

We learned of D3adCrypt when a victim reported it in a support forum. This malicious program is categorized as ransomware; it operates by encrypting data and making ransom demands for the decryption.

Our researchers obtained a sample of D3adCrypt from VirusTotal. On our test machine, this ransomware appended the encrypted files with a ".d3ad" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.d3ad", "2.jpg" as "2.jpg.d3ad", etc. Once this process was finished, D3adCrypt created a ransom-demanding message - "d3ad_Help.txt" - on the desktop.

What is QuantityExact?

QuantityExact is an adware-type application that our researchers discovered while looking through new submissions to VirusTotal. We also learned that this piece of software belongs to the AdLoad malware family.