Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is TeaBot?

TeaBot (also known as Anatsa) is a piece of malicious software categorized as a banking trojan with RAT (Remote Access Tool/Trojan) capabilities. This malware targets Android operating systems.

Its primary functionality is extraction of information related to online banking. At the time of research, its target list included more than sixty European banks.

TeaBot also operates as a RAT; hence, it can enable remote access and control over infected devices. Malicious programs of this type can allow for near-limitless control over compromised machines.

What is Coms ransomware?

Coms is a piece of malicious software, which is part of the Dharma ransomware family. Systems infected with this malware have their data encrypted (files are rendered inaccessible/unusable) and receive ransom demands for the decryption (access/use recovery).

As this ransomware encrypts, files are renamed following this pattern: original filename, unique ID assigned to victims, cyber criminals' email address, and the ".coms" extension.

For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[golbnaty@aol.com].coms" - after encryption. Once this process is complete, ransom notes are displayed/created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is video-change[.]digital?

Video-change[.]digital the address of an untrustworthy page that is designed to promote other pages of this kind and display its content. This page is similar to enquiryofh[.]fun, captcharesolving-universe[.]com, ne01[.]biz, and many more.

Typically, these pages are promoted via deceptive advertisements, other untrustworthy websites, and (or) potentially unwanted applications (PUAs). In other words, most users do not visit them intentionally, neither do they download and install PUAs.

What is Ghimob?

A banking trojan is a type of malware that cybercriminals use to steal financial information, login credentials from banking-related applications, or other details. Ghimob is the name of a banking trojan targeting Android users in Angola, Brazil (mainly), Germany, Mozambique, Portugal, and some other countries.

It is known that cybercriminals behind Ghimob target 153 mobile financial apps from banks, financial technology businesses, cryptocurrency, and other exchange companies. It is known that cybercriminals use email (malicious links) to distribute Ghimob.

What is the Focus Line browser hijacker?

Focus Line is a piece of dubious software categorized as a browser hijacker. Following successful infiltration, it promotes the fxsmash.xyz fake search engine. Typically, browser hijackers promote (i.e., cause redirects to) their web searchers by making changes to browser settings.

However, Focus Line does not always modify browsers. This browser hijacker also has data tracking abilities, which are used to collect browsing-related information.

Due to the questionable techniques employed to distribute browser hijackers, they are classified as PUAs (Potentially Unwanted Applications).

What is Newz Finder?

Newz Finder changes certain browser settings to search.mybrowsingsafety.pro - an address of a fake search engine. It is likely that this app collects various data (e.g., browsing-related information) as well.

It is important to mention that most users download and install browser hijackers like Newz Finder (browser hijackers) unknowingly. Applications downloaded and installed without intention to do so are called potentially unwanted applications (PUAs).

What is the enquiryofh[.]fun website?

Enquiryofh[.]fun is a webpage sharing common traits with captcharesolving-universe.com, ne01.biz, lib2.biz, and thousands of other rogue sites. This page is designed to deliver questionable material and/or redirect visitors to untrustworthy and malicious websites.

Sites like enquiryofh[.]fun are rarely accessed intentionally. Most users get redirected to them by intrusive ads or PUAs (Potentially Unwanted Applications) already infiltrated into their systems. These apps do not need explicit user consent to be installed onto devices.

PUAs can have heinous abilities, including - causing redirects, running intrusive advertisement campaigns, and gathering information relating to browsing activity.

What is Mailjet email scam?

Usually, cybercriminals behind phishing emails pretend to be legitimate companies, organizations and try to trick unsuspecting recipients into providing them sensitive information. Most of them target credit card details, login credentials, social security numbers, and other personal information.

It is common that their phishing emails contain a website link designed to open a page where visitors are asked to provide certain information. This phishing email is disguised as a letter from Mailjet, a legitimate French company.

What is the fake "Alibaba" email?

"Alibaba email virus" refers to a malware-proliferating spam campaign. This term defines a large-scale operation during which deceptive/scam emails are sent by the thousand.

The letters distributed through this campaign are disguised as notifications from Alibaba Group - a Chinese multinational technology company dealing in e-commerce, retail, Internet, and technology. These fake notifications inform recipients that their product has been ordered/purchased.

However, instead of containing information about the nonexistent purchase, the attached file triggers download/installation of the Snake Keylogger - upon opening. This malicious program is designed to record keystrokes (i.e., typed information).

Therefore, the "Alibaba" scam emails pose a serious threat to recipients' privacy and may cause a variety of severe issues.

What is captcharesolving-universe[.]com?

Sharing traits with ne01.biz, kakstitotako.com, lib2.biz, herelations.fun, and countless others, captcharesolving-universe[.]com is an untrustworthy website. Visitors to this page are presented with dubious material and/or redirected to unreliable/malicious sites.

Webpages of this kind are seldom accessed intentionally. Most users enter them via redirects caused by intrusive advertisements or installed PUAs (Potentially Unwanted Applications).

This software does not require explicit permission to be installed onto systems; hence, users may be unaware of its presence. PUAs are designed to cause redirects, deliver intrusive advertisement campaigns, and gather browsing-related information.