Virus and Spyware Removal Guides, uninstall instructions

What is the fake "Check $PORTAL Eligibility" site?

We have examined the web page (portal-gaming-project.pages[.]dev) and discovered that it is a scam page imitating the Portal Web3 gaming platform (portalgaming[.]com). Scammers behind this fraudulent website seek to trick unsuspecting individuals into performing actions enabling scammers to steal cryptocurrency.

What kind of malware is Brokewell?

Brokewell is a banking malware with spyware and RAT (Remote Access Trojan) capabilities. This malicious program targets Android operating systems. As is indicated by its classification, Brokewell seeks banking-related information. At the time of writing, the malware is in active development and is receiving frequent updates.

What kind of page is yourshields24[.]club?

We inspected yourshields24[.]club and found that it is designed to lure visitors into agreeing to receive its notifications. To achieve this, yourshields24[.]club uses clickbait (it displays deceptive content). Additionally, yourshields24[.]club redirects visitors to similar pages. Thus, this site should be avoided.

What is the fake "$LOC PRE-SALE"?

"$LOC PRE-SALE" is a scam that supposedly runs a presale event for the LOC cryptocurrency. It operates as a crypto drainer that steals funds from exposed digital wallets. It must be mentioned that scams of this kind are often disguised as existing platforms, yet this does not mean that they are associated with one another.

What kind of page is likudservices[.]com?

In the course of our inspection of likudservices[.]com, we noticed that this deceptive website uses a clickbait technique to receive permission to show notifications. We have examined lots of similar pages and found that in addition to displaying misleading content, most of them redirect visitors to other shady sites.

What kind of page is myflisblog[.]com?

Myflisblog[.]com is one of the numerous websites that employ clickbait to receive permission to deliver notifications to users. We discovered myflisblog[.]com while inspecting similar websites. Users should not visit myflisblog[.]com, and more importantly, this site should not be allowed to show notifications.

What is "Santander Bank Deal" email scam?

Our analysis of the email has led us to conclude that it is a scam commonly referred to as an advance-fee scam. Typically, scammers behind such schemes aim to trick unsuspecting recipients into transferring their money. They may also ask for personal information. Thus, recipients should not respond to such emails.

What kind of malware is Wormhole?

During our examination of the Wormhole malware, we discovered that it operates as ransomware: its purpose is to encrypt files and demand ransom for file decryption. In addition to encrypting files, Wormhole appends its extension (".Wormhole") to filenames and provides a ransom note ("How to recover files encrypted by Wormhole.txt").

Here is an example of how Wormhole modifies filenames: it renames "1.jpg" to "1.jpg.Wormhole", "2.png" to "2.png.Wormhole" and so forth. Our discovery of Wormhole ransomware occurred during an analysis of malware samples submitted to VirusTotal.

What is the fake "Ice Token Distribution" platform?

We have inspected the fraudulent Ice token distribution site (giveaway-ice[.]io) and found that its purpose is to steal cryptocurrency from unsuspecting individuals. The fake website (giveaway-ice[.]io) masquerades as the real Ice Open Network page (ice[.]io) to trick users into participating in a fraudulent scheme.

What kind of page is lovelypush[.]club?

Lovelypush[.]club is a rogue page discovered by our researchers during a routine inspection of suspicious websites. Upon examination, we determined that lovelypush[.]club promotes browser notification spam and redirects users to different (likely dubious/malicious) sites.

Most visitors to webpages like lovelypush[.]club access them via redirects generated by websites utilizing rogue advertising networks.