Virus and Spyware Removal Guides, uninstall instructions

What is MultiDetail?

MultiDetail is a rogue application that our research team discovered while inspecting new submissions to VirusTotal. After analyzing this piece of software, we determined that it is an adware belonging to the AdLoad malware family.

What is the "Your Account Needs Attention!" email?

"Your Account Needs Attention!" is a spam email that we have received and subsequently analyzed. We determined that it is a phishing scam.

The letter claims that unless the recipient updates their email account - it will be deactivated in a matter of hours. This spam mail aims to trick the recipient into disclosing sensitive information, most likely the email account's log-in credentials.

What kind of scam is "Access to this PC has been blocked for due to illegal activities"?

Our team has discovered this technical support scam page while examining websites that use rogue advertising networks and have deceptive ads on them. We learned that the purpose of this page is to scare visitors into calling the provided number (into contacting scammers for fake technical support).

What is the Ask Ali browser extension?

Our researchers discovered the Ask Ali browser extension while inspecting deceptive download webpages. This extension promises easy access to "one of the most prominent online shopping services". The extension's name and the imagery used in its official webpage imply that the e-commerce platform in question is AliExpress. However, it must be emphasized that this piece of software is in no way associated with AliExpress or the Alibaba Group.

Following analysis, we have concluded that the Ask Ali browser extension operates as advertising-supported software (adware).

What kind of website is websiteshove[.]com?

We have analyzed the websiteshove[.]com page and found that it uses a clickbait technique to trick visitors into granting it permission to show untrustworthy notifications and redirects to other websites. Our team has discovered websiteshove[.]com while visiting pages that use rogue advertising networks.

What is HermeticWiper?

On February 23rd, another wave of geopolitically-motivated attacks was observed in Ukraine. This campaign employs HermeticWiper (also known as FoxBlade) - a piece of malicious software designed to wipe (delete) data and render devices using the Windows Operating System (OS) - inoperable.

Attacks of this type can be incredibly devastating. When leveraged against governmental bodies or the business sector, they can cause permanent loss of crucial data and disrupt essential services.

What kind of malware is Jjtt?

Our team has discovered the Jjtt ransomware while checking malware samples submitted to VirusTotal. It was found that Jjtt is part of the Djvu ransomware family. Jjtt encrypts files, appends the ".jjtt" extension to filenames, and creates the "_readme.txt" file.

The "_readme.txt" file is a ransom note containing mainly contact and payment information. An example of how files get renamed by Jjtt: a file named "1.jpg" gets renamed to "1.jpg.jjtt", "2.png" to "2.png.jjtt", and so on.

What kind of email is "Payment Forecast Of The Attached Invoice"?

We have analyzed this email and found that its purpose is to trick recipients into providing email account login credentials on the presented phishing website. This email is disguised as an urgent letter regarding payment status.

What is JS ransomware?

Our researchers found the JS ransomware-type program during a routine inspection of new malware submissions to VirusTotal.

After launching a sample on our test machine, we learned that the JS program encrypts files and appends their filenames with a ".JS" extension (not to be confused with the .JS JavaScript file extension). For example, a file initially named "1.jpg" appeared as "1.jpg.JS", "2.jpg" as "2.jpg.JS", and so on.

Once the encryption was completed, the ransomware created a ransom note - "RESTORE_FILES_INFO.txt" - on the desktop. The text presented within it allows us to conclude that the JS malicious program targets companies rather than home users.

What kind of malware is Binwu?

Binwu is ransomware that belongs to a ransomware family called Xorist. Our team has discovered Binwu while examining the samples submitted to VirusTotal. After analyzing this ransomware, we have found that it encrypts files, appends the ".Binwu" extension to filenames, and creates the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" file/a ransom note.

An example of how Binwu modifies filenames: it renames "1.jpg" to "1.jpg.Binwu", "2.png" to "2.png.Binwu", "3.exe" to "3.exe.Binwu", and so on.