Virus and Spyware Removal Guides, uninstall instructions

What is Oslapisavkusna ransomware?

Oslapisavkusna is a ransomware-type program that we found while inspecting new malware submissions on VirusTotal. We determined that this malicious program is part of the ZEPPELIN ransomware family.

When we launched a sample on our test system, it encrypted files and appended their filenames with a ".oslapisavkusna.[victim's_ID]" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.oslapisavkusna.201-AE2-637", and so on for all affected files.

Once this process was completed, a ransom note titled "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT" - was created on the desktop. The text presented in this message allows us to conclude that Oslapisavkusna targets companies rather than home users.

What kind of application is multisearch.live?

We have discovered the multisearch.live application while visiting shady websites. After testing the app, we have learned that it changes the settings of a web browser to promote search.multisearch.live - a fake search engine. In other words, we have found that this app functions as a typical browser hijacker.

What is the send dark hijacker?

Send dark is the name of a browser extension advertised as a tool capable of creating a dark mode for simple design websites. After analyzing this piece of software, our researchers determined that it is a browser hijacker. Send dark modifies browsers in order to promote the getsins.com illegitimate search engine.

What kind of page is lmonopolic[.]com?

Lmonopolic[.]com is an untrustworthy page that is promoted through other pages that use shady advertising networks. We have discovered lmonopolic[.]com while checking various illegal movie streaming and torrent sites. After examining this page, we have learned that it attempts to get permission to show notifications and redirects to dubious pages.

What is kind of page is socerapp.xyz?

Socerapp[.]xyz is a deceptive website designed to display a fake system notification claiming that a network has been hacked. The purpose of this scam is to trick users into installing an application that is supposed to fix the aforementioned problem. We have discovered this pop-up scam while examining shady ads and websites using rogue advertising networks.

What kind of application is CoinCycling?

Our malware researchers have discovered the CoinCycling while inspecting download websites for cracked software and fake pop-ups offering to update the installed software. We have tested CoinCycling and found that it is designed to generate advertisements - it functions as adware.

What is ObjectRemote?

ObjectRemote is a rogue application our researchers found while inspecting new submissions on VirusTotal. We determined that this app is a piece of advertising-supported software (adware), and it also belongs to the AdLoad malware family.

What kind of malware is miK?

miK is the name of ransomware that our malware researchers have discovered while examining the malware samples submitted to VirusTotal. We have found that miK is part of the Xorist ransomware family. It encrypts files, appends the ".miK" extension to filenames, changes the desktop wallpaper, displays a pop-up window and creates the "ДЕШИФРАТОР.txt" file.

An example of how miK renames files: it changes "1.jpg" to "1.jpg.miK", "2.jpg" to "2.jpg.miK". Its ransom notes (desktop wallpaper, pop-up window, and text file) are written in Russian languages. If no Russian language is installed on Windows, then at least one of the ransom notes is displayed in gibberish.

What is Nwgen ransomware?

Our researchers found Nwgen while inspecting new submissions to VirusTotal. This malicious program is categorized as ransomware.

On our test system, Nwgen encrypted files and appended their filenames with a ".nwgen" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.nwgen", "2.jpg" as "2.jpg.nwgen", "1.docx" - "1.docx.nwgen", and so on for all of the encrypted files.

Afterwards, a ransom note - "How To Restore Your Files.txt" - was dropped onto the desktop. Based on this message, we can conclude that this ransomware is targeted at companies rather than home users. In some cases, these messages are tailored in accordance with the infection details; hence, the contents may vary from victim to victim.

What is DynamicGrid?

DynamicGrid is an application that our researchers classified as advertising-supported software (adware). Additionally, they have determined that DynamicGrid belongs to the AdLoad malware family.