Virus and Spyware Removal Guides, uninstall instructions

What is KUKANOS ransomware?

During a routine inspection into new submissions on VirusTotal, our researchers detected a new addition to the ZEPPELIN ransomware family - called KUKANOS.

When we tested this malware, it encrypted files and appended their filename with this extension - ".@KUKANOSSOSANOS.[victim's_ID]" (the IDs are unique and very between infections). For example, a file that was initially titled "1.jpg" appeared as "1.jpg.@KUKANOSSOSANOS.199-BDC-9E1".

Afterward, a ransom note - "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT" was dropped onto the desktop. Judging from the message within this text file, it is evident that KUKANOS targets companies rather than home users.

What kind of software is InitiatorIntegrate?

Our team has analyzed the InitiatorIntegrate application and discovered that it generates advertisements and hijacks a web browser to promote a fake search engine. Knowing this, we can state that InitiatorIntegrate functions as adware and a browser-hijacking application.

What is "Sync Wallets"?

"Sync Wallets" is a phishing scam, which our researchers found when inspecting shady websites. Schemes of this type can be promoted on many rogue pages simultaneously; we found it on fixedvalidity[.]online website, but it may be encountered on others as well.

"Sync Wallets" is presented as a dApp (decentralized application) capable of linking up with various iOS and Android cryptocurrency wallets. However, we discovered that this fake service aims to extract cryptowallet log-in credentials. Therefore, through "Sync Wallets" scammers can gain access to digital wallets and control the cryptocurrency stored therein.

What kind of application is color darker?

We have found the installer for the color darker application on multiple deceptive websites. While analyzing the color darker application, we learned that it hijacks a web browser by changing some of its settings to wwmnnl.com (a fake search engine).

What kind of page is facebookteens[.]com?

We discovered facebookteens[.]com whilst researching other questionable websites. The page in question is designed to load dubious content, promote browser notification spam, and redirect visitors to various unreliable/dangerous sites. Most visits to facebookteens[.]com are unintentional as they are caused by redirects from rogue advertising networks used by other webpages.

What kind of page is webdefencesupprot[.]com?

Detected by our researchers when inspecting untrustworthy webpages, webdefencesupprot[.]com is a site designed to load deceptive content, promote its browser notifications, and redirect visitors to other unreliable/harmful pages. During our observation, this website ran the "McAfee - Your PC is infected with 5 viruses!" scam.

It is noteworthy that most visitors to webdefencesupprot[.]com access it via other websites that employ rogue advertising networks.

What is WaspLocker ransomware?

While searching VirusTotal for new malware submissions, our researchers found a new ransomware called WaspLocker. On our test system, this ransomware-type program encrypted files and appended them with the ".locked" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.locked", "2.jpg" as "2.jpg.locked", etc.

It is noteworthy that there another variant of WaspLocker, which adds ".0.locked" to filenames (e.g., "1.jpg" would look like "1.jpg.0.locked", etc.).

Once the encryption was completed, the ransomware changed the desktop wallpaper, displayed a pop-up window, and created "How to restore your files.txt" text file.

What kind of page is wholewowblog[.]com?

Wholewowblog[.]com is a deceptive website that has been discovered by our team while testing sites that use questionable advertising networks. We examined wholewowblog[.]com and found that it uses a clickbait technique to trick visitors into agreeing to receive notifications that promote other untrustworthy websites.

What is White Rabbit ransomware?

Discovered by Michael Gillespie, White Rabbit is a ransomware-type program designed to encrypt data and demand payment for the decryption.

When unleashed upon our test machine, this malicious program encrypted and appended targeted files with a ".scrypt" extension, as well as created corresponding ransom notes (containing identical messages). To elaborate, a file initially titled "1.jpg" was renamed as "1.jpg.scrypt" and got a ransom note named "1.jpg.scrypt.txt", and so on for all of the affected files.

The text presented in the ransom notes allows us to surmise that White Rabbit ransomware is targeted towards companies rather than home users.

What is "iPhone 12 Mini Giveaway" pop-up scam?

Our team has discovered this iPhone 12 Mini giveaway scam website while visiting other shady websites (websites that use questionable advertising networks) and inspecting notifications from untrustworthy pages. Scammers behind this page attempt to trick unsuspecting visitors into providing personal information and transferring money.