Virus and Spyware Removal Guides, uninstall instructions

What is the fake "cPanel" email?

"cPanel email scam" refers to a phishing spam campaign, a large-scale operation during which thousands of deceptive emails are sent. These email messages are disguised as notifications from the cPanel company, developers of web hosting control panel software of the same name.

At the time of research, there were two variants of this scam. One, a notification concerning privacy policy updates, the other notifies recipients that their website has been suspended. Note that these emails are in no way associated with the genuine cPanel, LLC.

This spam campaign aims to extract sensitive information (i.e., cPanel log-in credentials) via an HTML file attached to the scam messages.

What is the fake "Monthly Email Validation" email?

"Monthly Email Validation" is the name of a phishing spam campaign. This term defines a large-scale operation during which thousands of deceptive emails are sent. These scam messages claim that certain functions of recipients' email accounts are unavailable due to it failing the "monthly validity check" test.

The hoax emails urge recipients to perform the test manually in order to restore the mailbox's supposedly restricted features.

The aim of this spam campaign is to promote a phishing website, which is presented as a mail account log-in page. Information (i.e., email addresses and passwords) entered into this site are exposed to the scammers behind the "Monthly Email Validation" messages, thereby allowing them to steal the corresponding accounts.

What is Empros Lines email virus?

In most cases, cyber criminals behind malspam attempt to trick recipients into providing sensitive information (e.g., credit card details or other banking-related information, login credentials), or installing malicious software onto their computers via malicious links or attachments.

Note that cyber criminals disguise their emails as urgent, official messages from legitimate, well-known companies. This particular phishing email is used to trick recipients into installing a Remote Administration Tool (RAT) called WebMonitor.

What is Crypter ransomware?

Belonging to the VoidCrypt ransomware family, Crypter is a malicious program designed to encrypt data and demand ransoms for decryption. I.e., victims are unable to access/use files affected by this malware, and they are asked to pay to restore the data.

When Crypter encrypts, files are renamed according to this pattern: original filename, cyber criminals' email address, unique ID assigned to the victims, and ".crypter" extension.

For example, a file initially named "1.jpg" would appear as something similar to "1.jpg.[Ashibaj@Cock.li][7BRSYKEICN90WA5].crypter" following encryption. After this process is complete, a ransom message is created/displayed in a pop-up window ("!INFO.HTA").

What is WebMonitor?

Remote access/administration tool (RAT) software allows users to control other computers (which also have RATs installed) remotely. Software of this type can be used legitimately (for example, to provide remote technical support), however, cyber criminals also exploit RATs. They use RATs to access sensitive information, install malware, and for other malicious purposes.

The WebMonitor RAT is developed by a company named Revcode. It is advertised as a legitimate remote administration tool that allows users to remotely control computers via a web browser.

In fact, WebMonitor is classified as malicious software by a number of antivirus companies because it has features used mainly by cyber criminals. WebMonitor is also advertised on hacker forums. This RAT is compatible with Windows and Android operating systems.

What is the "Firewall Spyware Alert"?

"Firewall Spyware Alert" is the name of a technical support scam, which is promoted through various untrusted sites. There are several versions of this online scheme, yet thematically they are identical. The primary differences are visual, and there are slight variations on the fake messages.

Essentially, these scams claim that users' devices have been infected with spyware and/or other viruses, and urge them to establish contact with the scammers by calling the provided telephone numbers. The "Firewall Spyware Alert" scam is disguised as an alert from Microsoft (or its products).

It must be emphasized that none of the information provided by this scheme is true, and it is in no way associated with the real Microsoft Corporation. Tech support scams aim to gain and subsequently abuse victims' trust in order to generate profit at their expense.

These schemes pose a serious threat to device and user safety. Typically, users enter deceptive websites via mistyped URLs, or redirects caused by intrusive advertisements or installed Potentially Unwanted Applications (PUAs).

What is Beaf ransomware?

Ransomware is a type of malware designed to encrypt files stored on a device. Typically, victims cannot use encrypted files unless they are recovered with valid decryption tools.

Ransomware often renames files as well. Beaf appends the ".beaf" extension to filenames. For example, "1.jpg" becomes "1.jpg.beaf", "2.jpg" to "2.jpg.beaf", and so on. It also creates a ransom message within the "DecryptGuide.txt" text file.

What is SearchMusicStream?

SearchMusicStream is classified as a browser hijacker. After installation it changes certain browser settings to searchmusicstream.com, the address of a fake search engine. Most apps of this type collect data (usually, browsing-related details).

Note that many users download and install apps such as SearchMusicStream (browser hijackers) unintentionally and, therefore, they are classified as potentially unwanted applications (PUAs).

What is Quick App?

Quick App is dubious software categorized as a browser hijacker. It operates by promoting the quicknewtab.com fake search engine through modification of browser settings.

Additionally, Quick App monitors users' browsing habits and collects vulnerable data. Since most users download/install browser hijackers unintentionally, they are also classified as Potentially Unwanted Applications (PUAs).

What is mycoolnewz[.]com?

There are many websites similar to mycoolnewz[.]com on the internet. Some examples are private-message[.]live, download-app[.]net, and omarona[.]com. Do not trust these websites and avoid them.

Many users arrive at websites such as mycoolnewz[.]com after clicking untrusted advertisements, visiting other dubious websites, or when they have potentially unwanted applications (PUAs) installed on operating systems or web browsers. They are classified as potentially unwanted because most users download and install them inadvertently.