Virus and Spyware Removal Guides, uninstall instructions

What is "NASA ETH and BTC Giveaway"?

When inspecting rogue and deceptive websites, our researchers discovered yet another cryptocurrency giveaway scam. "NASA ETH and BTC Giveaway" is presented as a cryptocurrency mass-adoption scheme. Users are urged to transfer a certain amount of either Ethereum (ETH) or Bitcoin (BTC) cryptocurrencies to the scam - so that they could receive twice as much. In fact, anything transferred to the wallets provided by this scam will be irreversibly lost.

What kind of page is listentoyoutube[.]cc?

Our team has examined the listentoyoutube[.]cc page and concluded that this page offers to convert YouTube videos to MP3 files (while downloading videos from YouTube is a breach of YouTube's Terms of Service), uses rogue advertising networks, and promotes a questionable application.

What kind of software is Mxpww?

We have tested the Mxpww ransomware and learned that it encrypts files, appends a string of random characters and the ".mxpww" extension to filenames, and creates the "5Fw6_HOW_TO_DECRYPT.txt" file (a ransom note). An example of how Mxpww encrypts files is provided below.

Mxpww renames "1.jpg" to "1.jpg.hZI9EkYRC0U5VHltbyWBDoLz8RfqOsEMjxc97InHxF7_GgAAABoAAAA0.mxpww", "file.txt" to "file.txt.hZI9EkYRC0U5VHltbyWBDoLz8RfqOsEMjxc97InHxF7_GgAAABoAAAA0.mxpww", and so on.

What is Bio Diversity?

Bio Diversity is a browser extension promoted as a tool for easy access to the largest biodiversity-centered library/archive. Instead, after testing it, we learned that Bio Diversity operates as advertising-supported software (adware).

What kind of application is best darker?

best darker is the name of a browser hijacker that we have discovered while visiting a deceptive website. After analyzing this application, we found that it hijacks a web browser by changing its settings to ssepm.com - a fake search engine. During the research, we noticed that best darker also could promote ssepm.com without making changes in settings.

What is SchedulerSkyLoad?

SchedulerSkyLoad is another of our researchers' finds detected on VirusTotal. It is an adware-type application from the AdLoad malware family.

What kind of malware is WExtension?

WExtension is the name of ransomware that our team has discovered while checking the samples submitted to VirusTotal. While analyzing WExtension, we found that it encrypts files, appends the ".WExtension" extension to filenames, and creates the "read_it.txt" file containing a ransom note.

For example, WExtension renames "1.jpg" to "1.jpg.WExtension", "2.jpg" to "2.jpg.WExtension". We also learned that WExtension is part of the ransomware family called Chaos.

What kind of software is TypeValue?

Our team has discovered the TypeValue application while inspecting various shady websites encouraging to download fake updates for the installed software. After examining TypeValue, we found that it displays advertisements and hijacks a web browser. Thus, this application can be categorized as adware and a browser hijacker.

What is Scl ransomware?

During a routine inspection of the newest malware submissions on VirusTotal, our researchers found the Scl ransomware.

After launching a sample on our test machine, we observed this ransomware encrypting data and renaming files by appending them with a unique ID, the cyber criminals' email address, and a ".scl" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.id_9ecfa84e4a778478_email_enc1@usa.com_.scl".

Once the encryption process was finished, the Scl program dropped two ransom notes - "HELP_DECRYPT_YOUR_FILES.HTML" and "HELP_DECRYPT_YOUR_FILES.TXT" - onto the desktop.

What kind of malware is Qqqw?

While analyzing the ransomware sample, we found out that Qqqw belongs to a family of ransomware called Djvu. It encrypted files and appended the ".qqqw" extension to filenames (for example, it renamed "1.jpg" to "1.jpg.qqqw", "document.txt" to "document.txt.qqqw"), and created the "_readme.txt" file as its ransom note.