Virus and Spyware Removal Guides, uninstall instructions

What is Grind3lwald?

Grind3lwald is a malicious program that we found when researching new submissions on VirusTotal. Having analyzed and researched Grind3lwald, we determined that it is Remote Access Trojan (RAT).

Malware of this type is designed to enable remote access and control over infected devices. RATs usually have a wide variety of malicious functionalities.

What kind of page is youtubemp3[.]to?

Youtubemp3[.]to is a website offering to convert YouTube video links to downloadable audio files. This service is illegal as it breaks copyright laws. Having researched this site, we have noted that youtubemp3[.]to also uses rogue advertising networks. Therefore, visitors to this website can get redirected to various untrustworthy and harmful pages.

What kind of scam is "Clean Up Your Windows PC After Surfing The Web!"?

"Clean Up Your Windows PC After Surfing The Web!" is a pop-up message displayed by a shady website that we have discovered while visiting pages that use shady advertising networks. After analyzing this shady page, we found that it is a technical-support scam designed to trick visitors into calling scammers using the provided number.

What kind of page is 9anime[.]to?

9anime[.]to is an anime streaming website that uses rogue advertising networks and distributes content without permission from the property owners. We have tested this page and seen it opening other websites in a new browser tab. Pretty often, pages that use such advertising networks are used to promote untrustworthy websites.

What kind of page is listenvid[.]com?

Our research team analyzed the listenvid[.]com website and concluded that visiting/using it endangers device and user safety. This site offers to convert YouTube, Dailymotion, Vimeo, Facebook, Metacafe, VK, SoundCloud, Instagram, and Twitter videos (via URLs) to downloadable audio and video files (MP3, MP4, AAC, and M4A formats).

This service is illegal due to it breaking copyright laws. We strongly advise against entering listenvid[.]com because it also uses rogue advertising networks, which are known to promote untrustworthy/malicious pages.

What kind of malware is Azazel?

We have examined the Azazel ransomware (file-encrypting malware) and learned that it belongs to a family of ransomware called Chaos. We also found that it renames encrypted files by appending the ".Azazel" extension, creates the "read_it.txt" file (which contains a ransom note), and changes the desktop wallpaper.

An example of how Azazel ransomware renames files: it renames a file named "1.jpg" to "1.jpg.Azazel", "sheet.xls" to "sheet.xls.Azazel", and so on.

What is Best-CouponSearch?

After installing the Best-CouponSearch browser extension onto our test system, we noticed unwanted redirects to the best-couponsearch.com fake search engine. This was caused by modifications the extension made to browser settings. The described behavior classifies Best-CouponSearch as a browser hijacker.

What kind of application is NodeStatisticsProjector?

Our team has discovered the NodeStatisticsProjector application while inspecting samples submitted to VirusTotal. We have examined NodeStatisticsProjector and found that it has traits of an advertising-supported and browser-hijacking application. It displays ads and promotes a fake search engine (by changing the web browser's settings).

What is Qqqe?

Qqqe is a ransomware-type program designed to encrypt data and make ransom demands for the decryption. While analyzing it, we learned that it is yet another program belonging to the Djvu ransomware family.

On our test machine, it encrypted files and appended them with the ".qqqe" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.qqqe", "2.jpg" as "2.jpg.qqqe", and so on. Once this process was completed, Qqqe created a ransom note named "_readme.txt".

What kind of malware is Yoqs?

We have discovered Yoqs while inspecting various download pages for cracked software. Our malware researchers have tested the ransomware sample and found that it is part of the Djvu ransomware family. The Yoqs ransomware encrypts files, appends the ".yoqs" extension to filenames, and provides a ransom note (creates the "_readme.txt" file).

An example of how Yoqs ransomware changes filenames is it renames a file named "1.jpg" to "1.jpg.yoqs", "document.txt" to "document.txt.yoqs".