Virus and Spyware Removal Guides, uninstall instructions

What is the n02[.]biz site?

N02[.]biz is a rogue website sharing many similarities with maximus-time.com, video-change.digital, enquiryofh.fun, and thousands of others. This page operates by loading dubious content and/or redirecting visitors to untrustworthy and possibly malicious sites.

These webpages are rarely accessed intentionally; most users get redirected to them by intrusive ads or installed PUAs (Potentially Unwanted Applications).

This software does not require express user permission to infiltrate systems. PUAs are designed to force-open websites, run intrusive advertisement campaigns, and gather browsing-related information.

What is the Revenant ransomware?

Part of the VoidCrypt ransomware family, Revenant is a malicious program designed to encrypt data and demand payment for the decryption. In other words, this ransomware renders files inaccessible and asks victims to pay - to recover access to their data.

During the encryption process, compromised files are renamed according to this pattern: original filename, cyber criminals' email address, unique ID assigned to the victim, and the ".Revenant" extension.

For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.[xsmaxs@tutanota.com][MJ-TY0671523984].Revenant" - following encryption. Once this process is complete, ransom notes - "Decrypt-me.txt" - are dropped into affected folders.

What is WMS Technologies Email Virus?

One of the channels cybercriminals use to distribute is email. In such cases, they pretend to be legitimate companies, organizations, etc., and include a malicious attachment or a download page for a malicious file in their email.

Their main goal is to trick recipients into downloading and opening a malicious file. The purpose of this malspam campaign is to trick recipients into opening a malicious Microsoft Excel document that can install different malicious programs, e.g., AZORult, AgentTesla, Snake Keylogger, LokiBot, Oski Stealer.

What is maximus-time[.]com?

Maximus-time[.]com is a page that is very similar to video-change[.]digital, enquiryofh[.]fun, and captcharesolving-universe[.]com, and a great number of other shady sites designed to promote other pages of this kind or load their deceptive content. Usually, users do not visit them intentionally - they get opened after clicking deceptive ads, visiting questionable websites.

It is also common that browsers open untrustworthy websites because there is a potentially unwanted application (PUA) installed on them. It is recommended not to visit pages like maximus-time[.]com or have any PUA installed on a browsers or the operating system.

What is Mammon?

Ransomware is a form of malware that is designed to prevent victims from accessing their files. In most cases, it encrypts files with a strong encryption algorithm, renames them, and displays or creates (or both) a ransom note.

Mammon is part of the Makop ransomware family. This ransomware variant encrypts files and appends a string of random characters (in this case, 9B83AE23), mammon0503@tutanota.com email address, and the ".mammon" extension to their filenames.

For example, it renames a file named "1.jpg" to "1.jpg.[9B83AE23].[mammon0503@tutanota.com].mammon", "2.jpg" to "2.jpg.[9B83AE23].[mammon0503@tutanota.com].mammon", and so on. Also, Mammon creates the "readme-warning.txt" text file (its ransom note) in each folder that contains encrypted data.

What is the "Seojoong Logistics DMCC" scam email?

"Seojoong Logistics DMCC email virus" refers to a malware-proliferating spam campaign. This term defines a large-scale operation during which deceptive emails are sent by the thousand.

The letters distributed through this campaign - request recipients to confirm their delivery order and review the bill of lading (B/L). However, instead of containing the stated document, the file attached to the scam emails contains FormBook malware.

This malicious program is designed to extract vulnerable information from infected systems and perform specific commands on them.

What is Job Search?

Job Search is a piece of software endorsed as a tool for quick access to job-related content. To elaborate, it allows users to access job search sites, professional networking platforms, salary calculators, and job interview preparation material through a browser's homepage.

However, replacing/altering browser homepages and promoting search engines are qualities typical of browser hijackers. Software within this classification typically modifies browsers and restricts/denies access to their settings - in order to promote fake web searching tools.

In the case of Job Search, it does not cause redirects to illegitimate web searchers; instead, it promotes the Bing search engine. Additionally, browser hijackers often spy on users' browsing activity.

Job Search might have such data tracking abilities, though it does not ask permission to access private information. Since most users download/install browser hijackers unintentionally, they are also classified as PUAs (Potentially Unwanted Applications).

What is Conf Search?

A browser hijacker is a type of app that promotes a fake search engine (its address). It hijacks a browser by changing its settings.

Conf Search promotes the conf-search.com address. Also, this browser hijacker adds the "Managed by your organization" feature on Google Chrome browsers.

It is common that apps of this type are designed to collect some information about their users (browsing data). It is likely that Conf Search gathers data too.

Usually, users download and install browser hijackers unknowingly, for this reason they are called potentially unwanted applications (PUAs).

What is Cardano giveaway scam?

Cardano is the name of a legitimate blockchain platform, and the cryptocurrency which operated in its network is called ADA. There are many cryptocurrency giveaway scams on the Internet offering to receive a certain amount of cryptocurrency in exchange for contribution in the "giveaway".

Simply said, scammers behind such scams attempt to steal cryptocurrency from unsuspecting people. It is common that scam websites (fake giveaways) like this one are promoted through deceptive advertisements, other shady pages, videos on YouTube, or potentially unwanted applications (PUAs) that users unknowingly install on their browsers or computers.

What is Sandro RAT?

Sandro is a piece of malicious software, classified as a RAT (Remote Access Trojan). This malware type enables remote access and control over a compromised device.

RATs can allow for close-to or user-level amount of control over infected machines. Hence, these trojan infections can lead to a wide variety of severe issues. The Sandro RAT targets Android operating systems.