Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "Treasures For Safekeeping"?

After reading the "Treasures For Safekeeping" email, we determined that it is spam. This fake letter is supposedly from a Ukrainian citizen forced to flee from their home due to the Russian invasion of Ukraine. The sender requests help dealing with their familial treasure, part of which the email recipient can keep.

This information is false, and it is not associated with any existing individuals. The purpose of this mail is to trick victims into disclosing sensitive information and/or sending money to scammers.

What kind of application is Bc20?

After examining the Bc20 application, we determined that it belongs to the Pirrit adware family. Upon installation, Bc20 delivers intrusive advertisements. Additionally, it may quietly collect various types of data. Thus, affected users should uninstall Bc20 from their computers and avoid installing such apps in the future.

What kind of application is App_updater?

We have inspected the App_updater application and found that it is an advertising-supported program from the Pirrit family. Once installed, App_updater delivers annoying and often misleading advertisements to users. Also, it may silently gather various data. Affected users should uninstall App_updater as soon as possible.

What kind of scam is "Error In Your IMAP/POP3 Mails Server"?

Our analysis of the email revealed that it is a phishing email. Scammers behind this phishing campaign aim to deceive recipients into believing that they have received a notification from an email service provider. Their ultimate goal is to extract personal information from unsuspecting recipients.

What kind of malware is Qeza?

Qeza is a ransomware variant from the Djvu family that we discovered during an analysis of samples submitted to VirusTotal. Ransomware is a type of malware that encrypts files and demands payment for their decryption. In addition to encrypting files, Qeza appends its extension (".qeza") to filenames and provides a ransom note ("_README.txt").

An example of how files encrypted by Qeza are renamed: "1.jpg" is changed to "1.jpg.qeza", "2.png" to "2.png.qeza", and so on. Since Qeza is part of the Djvu family, it may be distributed alongside information stealers like Vidar and RedLine.

What is the fake "Hyperliquid ($HYPE) Airdrop"?

During our examination of the claim-hyperliquid[.]xyz site, we found that this page promotes a cryptocurrency airdrop. However, further analysis revealed that claim-hyperliquid[.]xyz is a fake page masquerading as a legitimate cryptocurrency trading platform (hyperliquid[.]xyz). This deceptive site is designed to steal cryptocurrency from victims.

What kind of scam is "Valorant Gift"?

After examining a website offering gifts for the Valorant video game, we determined that it is fake. The scam states that users can claim one thousand Radianite points for free. This fake giveaway operates as a phishing scam and targets Valorant account log-in credentials.

It must be stressed that this scam does not give out rewards or gifts, and it is not associated with Valorant or its developer – Riot Games. Keep in mind that this scheme could be hosted on other domains, aside from valorant-collect[.]com.

What is the fake "Klaytn ($KLAY) Airdrop"?

After inspecting the "Klaytn ($KLAY) Airdrop", as promoted on klay-foundation[.]com, we determined that it is fake. The scheme imitates the Klaytn platform (klaytn.foundation).

This fraudulent airdrop is used to lure users into exposing their digital wallets to a crypto drainer. Hence, victims of this fake "Klaytn ($KLAY) Airdrop" can lose the digital assets stored in their wallets.

It must be emphasized that this fraudulent giveaway is not associated with Klaytn or any other existing platforms or entities.

What kind of email is "Your System Has Been Cracked"?

After reading the "Your System Has Been Cracked" email, we determined that it is spam promoting a sextortion scam. This letter falsely claims that the recipient's device was hacked by the sender and used to record a compromising video. The recording will be sent to the recipient's contact lists if they do not comply with the ransom demands.

It must be stressed that the information provided by "Your System Has Been Cracked" is fake. Hence, this email poses no threat to recipients.

What kind of scam is "Mailbox Update"?

We have examined this email and found that it is a scam email disguised as a notification from an email service provider regarding a mailbox update. This scam email contains a link to a fake website designed to extract personal information. Anyone who receives this or a similar email should refrain from responding to it or providing details on presented sites.