Virus and Spyware Removal Guides, uninstall instructions

What kind of page is worldfreshblog[.]com?

Our research team found worldfreshblog[.]com when researching rogue websites. This site is designed to push browser notification spam, but it may also load dubious material and/or redirect visitors to other untrustworthy and harmful webpages.

Most visitors to worldfreshblog[.]com and similar websites access them inadvertently via other pages that use rogue advertising networks.

What is Punisher Miner?

During a routine review of new malware submissions on VirusTotal, we found the Punisher Miner cryptominer. Our research revealed that this malicious program is designed to mine Monero, Toncoin, and Ravencoin cryptocurrencies.

What is FaceStealer?

When looking into new submissions on VirusTotal, we found FaceStealer - an Android-specific trojan. This malware operates as a Facebook social networking account log-in credential stealer. Our research revealed that it is proliferated under the guise of various popular Android applications.

What kind of page is coolingcola[.]com?

Coolingcola[.]com is a website that we have discovered while inspecting pages that use questionable advertising networks. At the time of the research, coolingcola[.]com was promoting a scam offering to win the iPhone 12 mini and asked for permission to show notifications.

What is the Tone application?

After installing the Tone application onto a test system, our research team discovered that it operates as advertising-supported software (adware). To elaborate, this rogue app delivered various advertisements.

What kind of application is Esperanto Dictionary?

We have discovered Esperanto Dictionary while looking for deceptive websites offering to download and install questionable applications. After testing Esperanto Dictionary, we concluded that it is an adware-type application that generates advertisements and can read data on all visited pages.

What is DazzleSpy?

DazzleSpy is a backdoor-type malware, which our researchers sampled from ESET's WeLiveSecurity community website. After analyzing this piece of malicious software, we concluded that it is capable of receiving/executing commands and extracting files from the infected device. At the time of writing, DazzleSpy had been observed being used for geopolitically-motivated attacks.

What kind of page is new-message-service[.]com?

New-message-service[.]com is an untrustworthy website that we have discovered while examining illegal streaming, torrent sites, and similar pages that use questionable advertising networks. We found that the purpose of new-message-service[.]com is to get permission to show notifications and redirect visitors to other shady websites.

What is crDypted ransomware?

crDypted is a ransomware-type program designed to encrypt data (render files inaccessible) and demand ransoms for the decryption.

After launching a sample obtained from VirusTotal on our test machine, it encrypted files and appended them with a ".crDypted000007" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.crDypted000007", and so forth.

Once the encryption process was finished, crDypted created a ransom note - "README1.txt", changed the desktop wallpaper, and made a new user account named "Hack".

What kind of application is Search-Power?

While testing the Search-Power application, our team has learned that it is a browser hijacker used to promote the searchpower.xyz address (a fake search engine). It hijacks a web browser by modifying its settings. We have discovered Search-Power while visiting pages that use rogue advertising networks.