Virus and Spyware Removal Guides, uninstall instructions
What is Asd (VoidCrypt) ransomware?
Found by our researchers among new malware submissions on VirusTotal, Asd is the name of a ransomware-type program belonging to the VoidCrypt family. On our test system, this ransomware encrypted files and renamed them.
Filenames were appended with a unique ID, the cyber criminals' email address, and a ".asd" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.(MJ-ZI9350824671)(Bnbcipher@gmail.com).asd". Afterward, Asd dropped two ransom notes - "Decryption-Guide.txt" and "Decryption-Guide.HTA" - onto the desktop.
What is Get Dark?
Get Dark is a browser extension promising to enable dark mode for simple-design websites. After analyzing this extension, our researchers concluded that Get Dark is a browser hijacker that modifies browsers to promote the illegitimate yesjis.com search engine.
What kind of page is youtubetomp3song[.]com?
Youtubetomp3song[.]com is yet another website offering YouTube video conversion to downloadable MP3 (audio) files. In addition to breaking copyright laws, this site also uses rogue advertising networks. Therefore, visitors to youtubetomp3song[.]com can get redirected to a wide variety of untrustworthy and harmful webpages.
What kind of malware is Encrpt?
Our malware researchers discovered the Encrpt ransomware while checking the malware samples submitted to VirusTotal. After analysis, we concluded that Encrpt is part of the VoidCrypt ransomware family. This ransomware variant encrypts files and appends a string of random characters, the encrpt@criptext.com email address, and the ".encrpt" extension.
Also, Encrpt generates two ransom notes: "Decryption-Guide.txt" and "Decryption-Guide.HTA". An example of how Encrpt modifies filenames: it renames "1.jpg" to "1.jpg.(MJ-EW7291645308)(Encrpt@criptext.com).encrpt", "2.txt" to "2.txt.(MJ-EW7291645308)(Encrpt@criptext.com).encrpt", and so on.
What is Mlock ransomware?
During a routine inspection of new submissions on VirusTotal, our researchers found yet another ransomware-type program belonging to the MedusaLocker family.
This malicious program, named Mlock, encrypted and renamed the files on our test machine. It added the ".mlock5" extension to filenames, e.g., "1.jpg" appeared as "1.jpg.mlock5", etc. It is pertinent to mention that other variants of Mlock ransomware may append file titles with differently numbered extensions.
Once the encryption process was finished, an HTML file named "HOW_TO_RECOVER_DATA.html" was dropped onto the desktop.
What kind of page is meovideo[.]ru?
We discovered meovideo[.]ru while visiting illegal movie streaming, adult dating, torrent, and similar sites that use questionable advertising networks. After examining meovideo[.]ru, we learned that it displays deceptive content to trick visitors into agreeing to receive untrustworthy notifications.
What is BestMusicSearches?
BestMusicSearches is a rogue browser extension. After analyzing it, our researchers classified it as a browser hijacker. BestMusicSearches operates by modifying browser settings to promote (via redirects) the fake bestmusicsearches.com search engine.
What kind of malware is BATLOADER?
BATLOADER is part of the infection chain, where it is used to perform the initial compromise. This malware is used to execute payloads like Ursnif. Our team discovered BATLOADER after executing installers for legitimate software (such as Zoom, TeamViewer, Visual Studio) bundled with this malware. We found those installers on compromised websites.
What is Power Off adware?
Power Off is a rogue application supposedly capable of managing program processes, e.g., launching, scheduling, restarting, shutting down, etc. Our researchers determined that this piece of software operates as advertising-supported software (adware), running intrusive advertisement campaigns.
What is 360 ransomware?
Discovered by Boanbird, 360 is the name of a ransomware-type program. When we launched a sample on our test system, it encrypted files and appended their filenames with the ".360" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.360", "2.jpg" as "2.jpg.360", and so on. Once the encryption process was completed, this ransomware created a ransom note - "!_INFO.txt" - on the desktop.