Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is zEus?

zEus is a malicious program classed as a stealer. It is designed to steal information from devices. This malware can extract and exfiltrate a variety of vulnerable data from devices, including the log-in credentials of various accounts. zEus has been observed being distributed under the guise of Minecraft source packs.

What is fake "Floki Airdrop"?

We have inspected the airdrop-floki[.]homes site and found that it is a copy of the original floki[.]com page. Scammers employ airdrop-floki[.]homes to trick users into participating in a fake airdrop (giveaway). This scam website is created to steal cryptocurrency from unsuspecting individuals.

What kind of software is TraceUrl?

Awayurl.net is the address of a fake search engine. This website is promoted by the TraceUrl rogue browser extension, which our researchers discovered while investigating deceptive websites. This software supposedly redirects users to live sites. However, that is not how TraceUrl operates. While this extension can generate redirects, it also collects sensitive user information.

What kind of application is MP3 Cutter Joiner Free?

Our researchers found the MP3 Cutter Joiner Free PUA (Potentially Unwanted Application) while inspecting suspicious sites. This app was included in an installation setup promoted by a scam webpage using an adult-themed lure.

The setup was also bundled with other unwanted and possibly malicious software. PUAs typically have harmful capabilities and are considered a threat to device/user safety.

What kind of malware is EnigmaWave?

Discovered by Yogesh Londhe, EnigmaWave is a ransomware-type program. It operates by encrypting data (rendering it inaccessible/unusable) and demanding payment for the decryption (recovery).

We acquired a sample of this ransomware and executed it on our test machine. Afterward, we found that this program appends the filenames of encrypted files with the attackers' email address, a unique ID assigned to the victim, and the ".EnigmaWave" extension.

For example, a file named "1.jpg" appeared as "1.jpg.Enigmawave@zohomail.com.KXRP0XGHXIJA.EnigmaWave" following encryption. Additionally, EnigmaWave creates a ransom-demanding message titled "Readme.txt".

What is the fake "Arbitrum (ARB) NFT Airdrop"?

Upon examination, we determined that this "Arbitrum (ARB) NFT Airdrop", as promoted on 2024arb[.]xyz, is fake. This scam is disguised as an Arbitrum website running an NFT (Non-Fungible Token) airdrop.

However, this scheme is in no way associated with Arbitrum Orbit (arbitrum.io), the organization behind it – Arbitrum Foundation (arbitrum.foundation), or any other existing platforms/entities.

This fraudulent giveaway operates as a crypto drainer and empties funds from exposed cryptocurrency wallets.

What kind of software is this fake Google Sheets extension?

Our research team discovered this fake Google Sheets browser extension while inspecting deceptive sites. This piece of rogue software is disguised as a spreadsheet app that is part of the web-based Google Docs Editors suite. It must be emphasized that this extension is not associated with Google Sheets, Google Docs Editors, or Google LLC.

Upon examination, we determined that this fraudulent extension collects sensitive data, displays browser notifications, and potentially performs other harmful activities.

What is the fake "Riot Games & Twitch Giveaway"?

After reviewing the site promoting the "Riot Games & Twitch Giveaway", we concluded that it is a scam exploiting the names of legitimate companies (Riot Games and Twitch) as a lure to trick individuals into divulging personal information. Neither Riot Games nor Twitch has anything to do with this scam site.

What kind of application is Psoriasis?

During our analysis of Psoriasis, we learned that this app functions as adware. Upon installation, Psoriasis displays various advertisements. Moreover, it may collect data from devices. We also found that Psoriasis is part of the Pirrit family. Users should avoid installing apps like Psoriasis.

What kind of email is "Treasures For Safekeeping"?

After reading the "Treasures For Safekeeping" email, we determined that it is spam. This fake letter is supposedly from a Ukrainian citizen forced to flee from their home due to the Russian invasion of Ukraine. The sender requests help dealing with their familial treasure, part of which the email recipient can keep.

This information is false, and it is not associated with any existing individuals. The purpose of this mail is to trick victims into disclosing sensitive information and/or sending money to scammers.