Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Zora Mint"?

"Zora Mint scam" refers to fake websites that imitate Zora (zora.co). These fraudulent pages entice users into exposing their digital wallets by offering NFT (Non-Fungible Token) minting (i.e., creating) opportunities. This scam operates as a cryptocurrency drainer.

What kind of software is Page Summarizer AI?

While inspecting a Torrenting website that uses rogue advertising networks, our researchers discovered a deceptive page endorsing the Page Summarizer AI browser extension. Our research team also found its promotional webpage, wherein the extension is promoted as an AI-powered tool for summarizing the text content on any given site.

After our analysis, we determined that Page Summarizer AI is a browser hijacker. However, unlike the standard hijacker software, this extension does not alter browser settings nor generate redirects. Instead, it injects ads into search results.

What kind of scam is "FOXY Presale"?

After inspecting this "FOXY Presale", we determined that it is a scam. It is presented as a presale event for FOXY – a legitimate cryptocurrency. However, when users try to participate, they trigger a crypto drainer. The scope of the financial loss faced by victims depends on the value of the stolen digital assets.

What kind of scam is "ATOR Reward Program"?

"ATOR Reward Program" is a scam that is disguised as the ATOR platform. The bait used to lure victims is a promise of a rewards program for ATOR cryptocurrency holders. The scheme functions as a crypto drainer that steals the funds from exposed digital wallets.

What kind of program is profilingTime?

profilingTime is promoted as a browser extension that assists users by guiding them to live websites. However, our examination of the application revealed that it displays unwanted and intrusive advertisements. Thus, we classified profilingTime as adware. Users are advised not to have such apps installed/added.

What is "Seedify $SFUND" scam?

Upon further examination of the website, it became evident that it is a fraudulent site impersonating the official Seedify (seedify[.]fund) page. The perpetrators behind this deceptive webpage aim to entice unsuspecting individuals into taking actions that enable them to steal cryptocurrency. Consequently, it is advisable to ignore this site.

What is "Consignment Box"?

Upon thorough examination of the email, it has become apparent that it is a classic example of a fraudulent scheme, masquerading as a message from a diplomat delivering a substantial sum of money. Typically, scammers behind such emails aim to extract money and (or) personal information from unsuspecting recipients.

What kind of scam is "Crystal Dash"?

After thorough examination, we have determined that this is a scam - a deceptive cryptocurrency-related scheme orchestrated by fraudsters to entice unsuspecting to take specific actions. Those who become ensnared in such schemes risk losing their cryptocurrency. Thus, users should avoid trusting such web pages.

What kind of application is BasisService?

Our research team discovered BasisService while browsing new submissions to the VirusTotal site. After inspecting this app, we determined that it is adware from the AdLoad malware family. BasisService is designed to feed users with undesirable and potentially dangerous advertisements.

What kind of malware is FBIRAS?

Our research team discovered FBIRAS ransomware while reviewing new malware submissions to the VirusTotal website. This malicious program operates by encrypting data and demands ransoms for its decryption.

On our testing system, the ransomware encrypted files and altered their filenames. Original titles had a ".FBIRAS" extension added to them, e.g., a file initially named "1.jpg" appeared as "1.jpg.FBIRAS", "2.png" as "2.png.FBIRAS", etc. However, we also observed the extension being appended twice – "1.jpg.FBIRAS.FBIRAS", "2.png.FBIRAS.FBIRAS", and so on.

Once the encryption process was completed, a ransom-demanding message – "Readme.txt" – was created. In the note, the attackers refer to themselves as "law enforcement", and attempt to trick victims into believing that the infection is a punishment for violating cyber laws.