Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Colibri?

Colibri is the name of a malware loader - a piece of software that drops the actual malicious content on the operating system. We have discovered Colibri on hacker forums. Our team has found that cybercriminals sell it for $150 for a week and $400 for a month (and offer free updates). Colibri targets Windows computers.

What is Kera-tx52 ransomware?

Our research team discovered Kera-tx52 while inspecting new submissions to VirusTotal. This malicious program is classified as ransomware - a type of malware that encrypts data (renders it inaccessible) to make ransom demands for the decryption.

On our test system, Kera-tx52 encrypted files and appended their filenames with an extension consisting of four random characters. For example, a file initially titled "1.jpg" appeared as "1.jpg.hofu", "2.png" as"2.png.9p53", and so on. Once this process was completed, Kera-tx52 created a text file named "read_it.txt" and changed the desktop wallpaper.

What is Introduce Standards?

Introduce Standards is a browser extension our researchers discovered while inspecting dubious download pages promoted by sites using rogue advertising networks. This piece of software promises to enable easy access to online resources concerning the standards of various industries. Instead, our analysis uncovered that Introduce Standards operates as adware.

What is the "Blockchain[.]com email scam"?

We have examined this email and learned that this is a fake notification letter regarding an unauthorized login attempt. It contains a link to a phishing site (disguised as a legitimate blockchain[.]com website). Scammers behind this email attempt to steal blockchain[.]com accounts.

What is searchtoolshub.com?

We have discovered searchtoolshub.com after using a browser-hijacking installer downloaded from a website promoted via other sites that use questionable advertising networks. After testing the searchtoolshub.com address, we learned that it is a fake search engine.

What kind of scam is "Your Password Expires Today"?

We have examined this email and found that it is disguised as a letter from Microsoft regarding account password expiry. It contains a hyperlink that opens various untrustworthy websites (phishing pages, download sites for shady software, etc.). The actual Microsoft company has nothing to do with this email. Thus, it must be ignored.

What is EnumeratorConnectivity?

EnumeratorConnectivity is a rogue app that our researchers found while inspecting new submissions to VirusTotal. We determined that this application operates as adware. Additionally, we learned that EnumeratorConnectivity belongs to the AdLoad malware family.

What kind of malware is F**k3dup?

F**k3dup ransomware (its name is censored) is malware that encrypts files. We have discovered it while checking VirusTotal for recently submitted malware samples. It was found that F**k3dup blocks access to files, appends its extension to filenames, and creates a text file "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt". Also, it belongs to the Xorist ransomware family.

F**k3dup appends ".f**ck3dup" extension (its is censored too) to filenames. For example, it renames "1.jpg" to "1.jpg.f**ck3dup", "2.png" to "2.png.f**ck3dup". The "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" is a ransom note.

What kind of malware is Iiof?

We have discovered the Iiof ransomware while analyzing the samples submitted to VirusTotal. Our malware researchers learned that Iiof encrypts files, appends the ".iiof" extension to filenames, and generates a text file ("_readme.txt") containing a ransom note.

An example of how Iiof renames files: it changes "1.jpg" to "1.jpg.iiof", "2.exe" to "2.exe.iiof", and so forth. Another detail about Iiof is that this ransomware variant belongs to the Djvu ransomware family

What is BinaryEngine?

We discovered the BinaryEngine application while inspecting new submissions to VirusTotal. After analyzing this app, we determined that it operates as advertising-supported software (adware). This piece of software also belongs to the AdLoad malware family.