Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is LOCKFILE?

We have discovered the LOCKFILE ransomware while checking VirusTotal for recently submitted malware samples. After analyzing this ransomware, we learned that it encrypts files, appends ".LOCKFILE" extension to filenames, and generates three ransom notes: two pop-up windows and a text file named "ДЕБЛОКИРОВКА ФАЙЛОВ.txt".

Ransom notes are written in the Russian language. Thus, victims who do not have it installed see ransom notes written in gibberish. An example of how LOCKFILE modifies filenames: it renames "1.jpg" to "1.jpg.LOCKFILE", "2.exe" to "2.exe.LOCKFILE". Another detail about LOCKFILE is that it belongs to the Xorist ransomware family.

What kind of software is TaskCentral?

Our team has discovered the TaskCentral application while checking the samples submitted to VirusTotal. After analysis, it was concluded that TaskCentral is typical adware - it bombards users with unwanted advertisements. Typically, adware is distributed using deceptive methods.

What is Cavallososo ransomware?

Cavallososo is a piece of malicious software belonging to the ZEPPELIN ransomware family. Our research team found a sample of this ransomware while inspecting new submissions to VirusTotal.

Once launched onto our test machine, Cavallososo encrypted files and appended their filenames with a ".Cavallososo.[victim's_ID]" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg. Cavallososo.F19-784-369",a nd so on for all of the affected files.

Afterward, a ransom note named "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT" was created on the desktop. Based on the message in this file, it is evident that this ransomware targets companies rather than home users.

What kind of application is TopMoviesLinks Default Search?

We have discovered the TopMoviesLinks Default Search app while doing our periodical research on shady advertising networks and deceptive pop-ups used to trick users into installing this extension. After testing the app, we have learned that it alters the settings of a browser - it hijacks a browser to promote a fake search engine.

What kind of malware is Rtgf?

Our team has discovered the Rtgf ransomware while analyzing malware samples submitted for VirusTotal. Rtgf belongs to the Djvu ransomware family. It encrypts files and appends the ".rtgf" as their new extension. Also, it creates the "_readme.txt" file to provide victims with contact and payment information.

An example of how Rtgf modifies filenames: it renames "document.txt" to "document.txt.rtgf", "file.exe" to "file.exe.rtgf", and so on.

What kind of page is pushnotstudio[.]com?

Pushnotstudio[.]com is a rogue site, which our research team discovered while inspecting shady pages. It is designed to push spam browser notifications and cause redirects to other unreliable/malicious websites.

Visitors to pushnotstudio[.]com and similar sites primarily access them via redirects caused by webpages that use rogue advertising networks.

What is BetterSearch Default Search?

BetterSearch Default Search is a browser extension that we found while inspecting untrustworthy websites. Our researchers classified this piece of software as a browser hijacker. BetterSearch Default Search operates by making changes to browser settings and promotes the better-search.xyz fake search engine.

What is Page Darker?

Page Darker is a browser extension promising to create a dark mode for simple websites. After analyzing this piece of software, we have determined that it operates as adware. Page Darker delivers intrusive ad campaigns and spies on users' browsing activity.

What kind of page is webpushtech[.]com?

Webpushtech[.]com is a rogue site promoting browser notification spam. Additionally, it is capable of redirecting visitors to other untrustworthy and malicious pages.

Our research team discovered this website while researching sites using rogue advertising networks. Most users access webpushtech[.]com and similar pages via such websites. However, they can also be entered through mistyped URLs or redirects caused by spam notifications, intrusive ads, or installed adware.

What kind of page is pubavideo[.]ru?

Pubavideo[.]ru is a website that uses clickbait techniques to trick unsuspecting visitors into permitting it to show notifications. Additionally, pubavideo[.]ru can redirect visitors to other websites. We have discovered this site during the analysis of various illegal streaming, torrent, and similar sites that use shady advertising networks.