Virus and Spyware Removal Guides, uninstall instructions

What is a fake "Blaster Token ($BLSTR) Early Access" airdrop?

After inspecting this "Blaster Token ($BLSTR) Early Access" airdrop, we determined that it is a scam. This scheme was hosted on added-ones[.]info, and it claims to be distributing Blaster tokens (BLSTR). It operates as a cryptocurrency drainer that steals funds from compromised digital wallets.

It must be stressed that this scam is not associated with Blaster Digital (blaster.digital) or any other platforms and entities.

What kind of malware is Tuborg?

In the process of reviewing the malware, it became apparent that Tuborg is ransomware (not associated with the Tuborg Brewery in any way) designed to encrypt files. We discovered Tuborg ransomware while examining malware samples submitted to VirusTotal. In addition to encrypting files, Tuborg changes the desktop wallpaper and provides a ransom note ("#tuborg-Help.txt").

Also, this ransomware renames files (appends an email address and the ".tuborg" extension to filenames). For instance, it changes "1.jpg" to "1.jpg.[Hiit9890@cyberfear.com].tuborg" and "2.png" to "2.png.[Hiit9890@cyberfear.com].tuborg". We also found that Tuborg is a variant of the Proton ransomware.

What is the fake "Dog RuneStone Airdrop"?

During an analysis of the site (airdrop-doggotothemoon[.]xyz), it has come to our attention that it is a scam website promoting a fake Dog RuneStone airdrop (a cryptocurrency giveaway). The scammers behind this page aim to trick potential participants into believing they can receive free cryptocurrency and steal their digital assets.

What kind of page is mydotheblog[.]com?

Our researchers found the mydotheblog[.]com rogue page while investigating untrustworthy websites. After inspecting it, we determined that this webpage promotes browser notification spam and redirects users to other (likely dubious/dangerous) sites.

Users most commonly enter pages like mydotheblog[.]com via redirects caused by websites utilizing rogue advertising networks.

What kind of email is "Quote For The Attached Products"?

Upon examination, we determined that the "Quote For The Attached Products" email is spam. It is presented as a potential purchase inquiry that directs users into accessing a nonexistent attachment. The goal of the spam mail is to redirect recipients to a phishing website that targets log-in credentials.

What kind of email is "British American Tobacco Company Promotion"?

After reading the "British American Tobacco Company Promotion" email, we determined that it is spam. The scam letter claims that the recipient was selected as a winner in a promotion supposedly held by the British American Tobacco company.

It must be stressed that this prize is nonexistent, nor has the recipient won any rewards. Additionally, it must be mentioned that this mail is not associated with any legitimate companies or other entities.

What is the fake "$SAFE Token Airdrop"?

After investigating this "$SAFE Token Airdrop", as promoted on the blackpanther-claim[.]network webpage, we determined that it is a scam. It imitates the Safe platform (safe.global) running an airdrop with the goal of luring victims into exposing their digital wallets to a cryptocurrency drainer.

It must be emphasized that this fake website is not associated with the actual Safe platform or other services/entities.

What kind of page is thaksaubie[.]com?

While inspecting unreliable sites, our researchers discovered the thaksaubie[.]com rogue webpage. It seeks to deceive users into allowing the delivery of spam browser notifications. Thaksaubie[.]com can also redirect users elsewhere (likely untrustworthy/dangerous websites).

Most visitors stumble into pages like thaksaubie[.]com through redirects caused by sites using rogue advertising networks.

What kind of page is mypholasshop[.]com?

Our research team discovered the mypholasshop[.]com rogue page while browsing suspect websites. Upon investigation, we learned that it promotes browser notification spam and generates redirects to other (likely dubious/malicious) sites.

Users primarily access webpages like mypholasshop[.]com via redirects caused by websites that utilize rogue advertising networks.

What kind of page is phaliconic[.]com?

Phaliconic[.]com is the address of a rogue page discovered by our research team during a routine investigation of untrustworthy websites. After examining this webpage, we determined that it promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites.

Most visitors to phaliconic[.]com and similar pages access them through redirects generated by websites utilizing rogue advertising networks.