Virus and Spyware Removal Guides, uninstall instructions

What is TravelNow?

Discovered by our researchers during a routine inspection of sites that use rogue advertising networks, TravelNow is a rogue application. After analyzing it, we determined that it operates as advertising-supported software (adware).

What kind of malware is Aumcc?

We have examined the Aumcc ransomware and found that it encrypts files, appends a string of random characters and the ".aumcc" extension to filenames, and generates a ransom note (a text file named "3LUo_HOW_TO_DECRYPT.txt"). Our team has discovered Aumcc while checking the malware samples submitted to VirusTotal.

An example of how Aumcc modifies filenames: it renmaes "1.jpg" to "1.jpg.HlMZCanvyBm1DSYgKy2OX3soqeJnaJM2PR2j0FyWq5j_AAAAAAAAAAA0.aumcc", "document.txt" to "document.txt.HlMZCanvyBm1DSYgKy2OX3soqeJnaJM2PR2j0FyWq5j_AAAAAAAAAAA0.aumcc".

What kind of page is thecred[.]info?

Thecred[.]info is a deceptive website that we have discovered while testing illegal movie streaming, torrent, and similar sites that use questionable advertising networks. After examining thecred[.]info, we found that the purpose of this site is to get permission to show notifications and redirect visitors to similar pages.

What is GpCODE ransomware?

GpCODE is a malicious program belonging to the Xorist ransomware family, which our researchers found when inspecting new submissions to VirusTotal.

On our test system, this ransomware encrypted files and appended the filenames with a ".GpCODE" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.GpCODE", "2.jpg" as "2.jpg.GpCODE", "3.jpg" as "3.jpg.GpCODE", and so on.

Once this process was completed, identical ransom notes were created/displayed in a pop-up window and "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" text file. It is noteworthy that the message presented in the pop-up will appear as gibberish if the system is missing the Cyrillic alphabet.

What kind of application is OptionFlow?

We have learned about the OptionFlow application while reading forums. Our researchers have concluded that OptionFlow functions as adware - it generates advertisements. We have also found that this app slows down the Safari web browser and can remove apps designed to block advertisements.

What kind of page is kn33-m3dicin3[.]xyz?

We have discovered the kn33-m3dicin3[.]xyz site while examining other pages (various illegal streaming, torrent sites) that use questionable advertising networks. After analyzing this page, we have learned that it displays deceptive content (a fake security alert) and asks for permission to show untrustworthy notifications.

What kind of software is MapIt?

After downloading and launching the sample on our testing machine, we have noticed that MapIt displays unwanted advertisements. This program works as typical adware. It is very common for adware to be downloaded and installed mistakenly/unknowingly because it is promoted and distributed using questionable methods.

What is Click Togo?

After analyzing the Click Togo browser extension, our researchers have determined that it is a browser hijacker. This piece of software alters browser settings to promote the togosearching.com fake search engine, and it spies on users' browsing activity.

What is Black ransomware?

While looking through malware support forums, our researchers found a report on Black ransomware made by its victim. Malware of this type is designed to encrypt data and make ransom demands for the decryption.

On our test machine, this ransomware encrypted files and appended their names with a ".black" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.black", "2.jpg" as "2.jpg.black", etc. Afterwards, a text file named "read_me.txt" was dropped onto the desktop. This file contained the ransom note.

What kind of page is save-secur[.]com?

Save-secur[.]com is a rogue site designed to promote browser notification spam. Our research team discovered this webpage while looking into various untrustworthy sites. In addition to using deception to lure visitors into allowing its notifications, save-secur[.]com can also redirect them to other unreliable and malicious websites.

It is noteworthy that most users enter such pages via redirects caused by sites that use rogue advertising networks. However, these websites can also be accessed through mistyped URLs or redirects caused by intrusive advertisements, and installed adware.