Virus and Spyware Removal Guides, uninstall instructions

What is Film Links Now | Default Search?

Discovered by our researchers while inspecting sites that use rogue advertising networks, Film Links Now | Default Search is a rogue browser extension. We determined that this piece of software is a browser hijacker. It modifies browser settings and promotes the filmlinksnow.com fake search engine.

What kind of application is Adskip Love?

We have found the Adskip Love application while visiting shady websites promoted through sites that use rogue advertising networks. Our team has tested this app and learned that it generates advertisements. Thus, Adskip Love is an advertising-supported app (adware). Ironically, its developers describe it as an extension that skips ads and blocks trackers.

What is Rdtwrmogzav ransomware?

Rdtwrmogzav is a ransomware-type program that our researchers found while looking through new malware submissions on VirusTotal. Additionally, we determined that this program is part of the Snatch ransomware family.

After being launched on our test system, Rdtwrmogzav encrypted files and appended their names with a ".rdtwrmogzav" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.rdtwrmogzav", "2.jpg" as "2.jpg.rdtwrmogzav", etc.

Once the encryption was finished, a ransom-demanding message - "HOW TO RESTORE YOUR FILES.TXT" - was created. Based on the ransom note, we can conclude that this ransomware is targeted at companies and not at home users.

What kind of page is investmeny[.]org?

During a routine inspection of untrustworthy websites, our researchers discovered the investmeny[.]org site. This webpage promotes spam browser notifications and can redirect visitors to various unreliable/harmful sites. Most visitors to investmeny[.]org and similar pages enter them via others that use rogue advertising networks.

What kind of malware is Sojusz?

We have discovered the Sojusz ransomware while checking various forums. Apparently, cybercriminals have already performed successful attacks since users on the Internet claim that their files have been encrypted by the Sojusz ransomware. We have found that Sojusz is part of the Makop ransomware family.

Our team has also learned that Sojusz appends random characters, ustedesfil@safeswiss.com email address, and the ".sojusz" extension to filenames. For example, it renames "1.jpg" to "1.jpg.[fd4702551a].[ustedesfil@safeswiss.com].sojusz", "2.jpg" to "2.jpg.[fd4702551a].[ustedesfil@safeswiss.com].sojusz". It also creates the "-----README_WARNING-----.txt" file (a ransom note).

What is AthenaResults?

AthenaResults is a rogue application, which our researchers discovered while inspecting fake Adobe Flash Player update scam websites. Following analysis, we determined that AthenaResults is an adware-type app belonging to the AdLoad malware family.

What kind of malware is Iips?

Our team has discovered a new Djvu ransomware sample called Iips while examining websites offering to download cracked/pirated software. After analyzing the ransomware sample, we found that Iips appends the ".iips" extension to filenames and creates the "_readme.txt" file containing a ransom note.

An example of how Iips has encrypted files stored on our computer: it renamed "1.jpg" to "1.jpg.iips", "document.txt" to "document.txt.iips", and so on.

What kind of software is ConvertersCoolSearch?

We have discovered the ConvertersCoolSearch application while visiting websites that use shady advertising networks. After downloading and testing the app, our team has noticed that it hijacks a web browser: it changes the settings of the affected browser to promote converterscoolsearch.com - a fake search engine.

What is LiveTab - Live Streams in your Browser Tab?

We have discovered the download page for LiveTab - Live Streams in your Browser Tab while testing shady advertisements. It is presented as a tool for finding new games and live streams on Twitch and YouTube. After analyzing the app, we have learned that it is a browser hijacker designed to promote a shady search engine (livetab.tv).

What kind of malware is Ljubi?

We discovered the Ljubi ransomware while checking the malware samples submitted to VirusTotal (it was originally discovered by Petrovic). Our team has analyzed this ransomware and found that it does three things: it encrypts files, appends the ".ljubi" extension to filenames, and creates the "How To Restore Your Files.txt" file as its ransom note.

We also learned that Ljubi is part of the Babuk ransomware family. An example of how Ljubi changes filenames: it renames "1.jpg" to "1.jpg.ljubi", "2.jpg" to "2.jpg.ljubi", and so on.