Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Asistchinadecryption?

We have analyzed the Asistchinadecryption ransomware (which was discovered by our malware researchers while examining samples submitted to VirusTotal) and discovered that it encrypts files and appends ".asistchinadecryption" and the victim's ID to filenames.

For example, Asistchinadecryption renames "1.jpg" to "1.jpg.asistchinadecryption .C04-41D-05E", "2.jpg" to "2.jpg.asistchinadecryption .C04-41D-05E". Also, it creates the "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT" file (a ransom note). We also found out that Asistchinadecryption is part of the ZEPPELIN ransomware family.

What kind of website is finkeapp[.]com?

Our team has examined finkeapp[.]com and found that it uses a clickbait technique to get permission to show notifications and redirects dubious pages. We have discovered this website while visiting pages that use questionable advertising networks. Finkeapp[.]com is similar to aucfuu[.]com, louses[.]net, topraw[.]net, and plenty of other pages.

What kind of malware is ELBOW?

Our malware researchers have discovered the ELBOW ransomware while testing the samples submitted to VirusTotal. We found out that ELBOW is part of the Phobos ransomware family. While testing it, we learned that it encrypts and renames files and provides two ransom notes (in the "info.txt" file and a pop-up window).

An example of how ELBOW has encrypted files: it renamed "1.jpg" to "1.jpg.id[9ECFA84E-3143].[UNKNOWNTEAM@criptext.com].ELBOW", "2.jpg" to "2.jpg.id[9ECFA84E-3143].[UNKNOWNTEAM@criptext.com].ELBOW". It appended the victim's ID, email address and the ".ELBOW" extension to filenames.

What kind of malware is Maak?

While testing the samples submitted to VirusTotal, we discovered that Maak is ransomware that belongs to Djvu family. We found that Maak encrypts files, appends the ".maak" extension to filenames (for example, it changes "1.jpg" to "1.jpg.maak", "file.txt" to "file.txt.maak"), and creates a text file ("_readme.txt") that contains a ransom note.

What kind of page is news-sojulu[.]cc?

While inspecting questionable sites, our researchers encountered news-sojulu[.]cc - a browser notification spam promoting webpage. Additionally, this website can redirect visitors to other dubious and harmful ones. Users seldom access pages like news-sojulu[.]cc intentionally; most enter them via others that use rogue advertising networks.

What is the "METAMASK" pop-up scam?

We discovered this "METAMASK" scam while inspecting rogue websites. It is disguised as a log-in credential recovery page for MetaMask - a genuine cryptocurrency wallet designed to interact with the Ethereum blockchain. This scheme operates as a phishing scam. In other words, it aims to trick users into disclosing their wallets' log-in credentials - to subsequently gain access and control over them.

What is Skip Ads?

Skip Ads is a rogue browser extension. Based on its name, it is evidently promoted as an adblock-type software. However, following its installation onto our test machine, Skip Ads began running intrusive advertisement campaigns. Therefore, this piece of software is categorized as adware.

What kind of software is ProjectSource?

ProjectSource is the name of an adware-type and browser-hijacking app that we have discovered while auditing various shady websites. After analyzing ProjectSource, we learned that the purpose of this app is to generate annoying advertisements and promote a fake search engine.

What kind of malware is Problem?

We have found a new ransomware variant called Problem while inspecting ransomware samples submitted to VirusTotal. During analysis, we discovered that Problem encrypts files, appends the ".problem" extension to filenames, and creates the "readme.txt" file (a ransom note).

An example of how this ransomware renamed files: it changed the "1.jpg" file to "1.jpg.problem", "document.txt" to "document.txt.problem".

What kind of page is universal-current[.]com?

Universal-current[.]com is a shady website that displays deceptive content and asks for permission to show notifications. We have discovered it while testing pages that are using questionable advertising networks. More precisely, we ended up on universal-current[.]com after visiting various illegal movie streaming, torrent, and similar sites.