Virus and Spyware Removal Guides, uninstall instructions

Kaseya Email Virus

What is "Kaseya email virus"?

"Kaseya email virus" is the name of a malware-spreading spam campaign. The term "spam campaign" is used to describe a large-scale operation during which thousands of deceptive emails are sent.

The letters distributed through this campaign urge recipients to install an update from "Microsoft" to fix a vulnerability present in Kaseya customers' networks. Kaseya is a legitimate developer of software designed to manage networks, systems, and information technology infrastructure.

It must be emphasized that these scam emails are in no way associated with either Kaseya Limited or the Microsoft Corporation. This spam campaign aims to exploit the July 2021 ransomware incident that affected Kaseya and its customers.

These fake letters distribute the Cobalt Strike malicious program, which possesses data-stealing abilities and can cause chain infections.

   
Process The Order Attached Email Scam

What is Process the order attached email scam?

Usually, scammers use phishing emails to trick recipients into providing personal information. Emails of this type commonly contain a link to a deceptive website that asks visitors to enter login credentials, credit card details, social security numbers, or other information.

It is important to mention that phishing emails are usually disguised as official letters from legitimate companies or other entities. However, the scammers behind them have nothing to do with the companies they pretend to be.

   
ATLAS AL SHARQ TRADING Email Virus

What is "ATLAS AL SHARQ TRADING email virus"?

"ATLAS AL SHARQ TRADING email virus" refers to a malware-spreading spam campaign. The term "spam campaign" defines a mass-scale operation during which thousands of deceptive/scam emails are sent.

The letters distributed through this campaign are disguised as mail from Atlas Al Sharq Trading Establishment - an industrial equipment supplier based in the United Arab Emirates. The aim of these scam emails is to infect recipients' systems with FormBook malware.

   
Allhugenewz.com Ads

What is allhugenewz[.]com?

Allhugenewz[.]com is one of the pages designed to promote untrustworthy (in some cases, legitimate) websites or load questionable content - its functionality depends on the geolocation of the visitor. Examples of other pages like allhugenewz[.]com are zpreland[.]com, reverscaptcha[.]com, and 1video-online[.]me.

It is worth mentioning that users do not visit pages like allhugenewz[.]com intentionally - they are opened through shady advertisements, other pages, or potentially unwanted applications (PUAs) installed on browsers or computers.

   
Dev0 Ransomware

What is Dev0 ransomware?

Dev0 is the name of a malicious program that is part of the Makop ransomware family. Following successful infiltration, this malware renders files inaccessible by encrypting them in order to make ransom demands for the decryption (i.e., access recovery).

During the encryption process, affected files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and ".dev0" extension. For example, a file initially named "1.jpg" would appear as something similar to "1.jpg.[9B83AE23].[xdatarecovery@msgsafe.io].dev0" once encrypted. Additionally, ransom notes named "readme-warning.txt" are dropped into compromised folders.

   
Bom Ransomware

What is Bom ransomware?

Ransomware is a type of malware cybercriminals use to prevent victims from accessing their files. It makes files inaccessible/unusable by encrypting them and generates a ransom note (or multiple ransom notes).

Bom encrypts files and modifies their filenames by appending the tormented.soul@tuta.io email address, a string of random characters, and the ".bom" extension. For example, it renames a file named "1.jpg" to "1.jpg.[tormented.soul@tuta.io][MJ-KB3756421908].bom", "2.jpg" to "2.jpg.[tormented.soul@tuta.io][MJ-KB3756421908].bom", and so on.

This ransomware is part of the VoidCrypt family. To provide instructions on how to contact the cybercriminals behind it, Bom creates a text file named "Scratch".

   
IndexerProject Adware (Mac)

What is IndexerProject?

IndexerProject is a piece of rogue software categorized as adware. It also has browser hijacker qualities.

Following successful installation, this app runs intrusive advert campaigns and promotes fake search engines (through modifications to browser settings). Additionally, IndexerProject has data tracking abilities.

Most adware-type apps and browser hijackers are installed inadvertently; hence, they are also classified as PUAs (Potentially Unwanted Applications).

   
Videoplayernow.com Ads

What is videoplayernow[.]com?

Videoplayernow[.]com is one of the pages that check the visitor's IP address and then load questionable content or open two or three potentially malicious pages. It is similar to zpreland[.]com, reverscaptcha[.]com, 1video-online[.]me, and hundreds of other pages.

   
ZuCaNo Ransomware

What is ZuCaNo ransomware?

As a rule, ransomware is used to prevent victims from accessing their files until a ransom is paid. Malware of this type encrypts files and generates a ransom note containing instructions on how to contact the attackers about data decryption and (or) pay them a ransom.

ZuCaNo is part of the Xorist ransomware family. It encrypts files and renames them by appending the ".ZuCaNo" extension to their filenames. For example, it renames a file named "1.jpg" to "1.jpg.ZuCaNo", "2.jpg" to "2.jpg.ZuCaNo", and so on.

Also, ZuCaNo changes the desktop wallpaper, displays a pop-up window, and creates the "HOW TO DECRYPT FILES.txt" file (in all folders containing encrypted files). All three of them are messages demanding payment.

   
FlexibleSearch Adware (Mac)

What is FlexibleSearch?

FlexibleSearch is advertising-supported software - it generates unwanted advertisements. Software of this type commonly also collects various data and (or) changes web browser settings to promote a fake search engine.

Users rarely download and install apps like FlexibleSearch intentionally. For this reason, they are called potentially unwanted applications (PUAs).

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
