Virus and Spyware Removal Guides, uninstall instructions

What is Adamantium Thief?

Adamantium Thief is malicious software, which operates as a stealer. Following successful infiltration, this malware attempts to extract and exfiltrate sensitive and personal information from installed browsers.

Adamantium Thief malware is a highly dangerous program, which poses a serious threat to device and user safety. Therefore, its infections must be removed immediately upon detection.

at is Seccrypt?

Seccrypt is part of the WastedLocker ransomware family. Like most ransomware variants, Seccrypt encrypts (locks) files to prevent victims from decrypting (unlocking) them without decryption programs/keys purchased from the attackers.

This ransomware renames encrypted files by appending the ".seccrypt" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.seccrypt", "2.jpg" to "2.jpg.seccrypt", and so on. It also creates ransom messages in all folders that contain affected files.

The number of ransom messages depends on the number of files in the folder. For example, If files named "1.jpg.seccrypt" and "2.jpg.seccrypt" exist in a folder, Seccrypt creates the "1.jpg.howto_seccrypt" and "2.jpg.howto_seccrypt" ransom messages, and so on.

What is private-message[.]live?

Sharing many similarities with download-app.net, omarona.com, mekiroki.com, and countless others, private-message[.]live is a rogue website. It is designed to present visitors with dubious material and redirect them to other untrusted/malicious pages.

Users seldom access these sites intentionally - most are redirected to them by intrusive ads or installed Potentially Unwanted Applications (PUAs). These apps do not need explicit permission to be installed onto systems, and thus users may be unaware of their presence.

PUAs operate by causing redirects, running intrusive advertisement campaigns, and collecting browsing-related information.

What is yourdeliv[.]online?

Yourdeliv[.]online is similar to topcaptchasolver[.]com, eouldeco[.]online, mekiroki[.]com, and other dubious websites.

Typically, users do not visit these sites intentionally - they are opened by clicking deceptive advertisements, visiting untrusted websites, and when browsers have potentially unwanted applications (PUAs) installed on them. PUAs also gather data and serve advertisements.

What is download-app[.]net?

Download-app[.]net is a rogue website, which operates by presenting visitors with dubious material and/or redirecting them to other untrusted and possibly malicious sites.

Typically, users access these web pages via redirects caused by intrusive advertisements or installed Potentially Unwanted Applications (PUAs). This software does not require express user permission to infiltrate devices. PUAs force-open websites, run intrusive ad campaigns, and gather browsing-related information.

The internet is full of similar websites including topcaptchasolver.com, eouldeco.online, mekiroki.com, sakh.site, and mobilemediahits.com to name just a few.

What is Encrpt3d?

Ransomware is a type of malicious software that renders files stored on a computer inaccessible by encryption. Files remain encrypted unless victims use a specific tool (program or key) to recover them.

Encrpt3d encrypts and renames files, appending the ".encrpt3d" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.encrpt3d", "2.jpg" to "2.jpg.encrpt3d", and so on.

After encrypting the files, Encrpt3d displays a full-screen ransom message, which also appears after each system reboot.

What is the "$1,000 Gift Card" scam email?

"$1,000 Gift Card email scam" refers to a spam campaign, a mass-scale operation during which deceptive emails are sent by the thousand. As the campaign name suggests, the messages distributed through it urge recipients to collect a gift card worth US$1,000 (USD).

Note that these emails are scams and, as such, all of the information provided by them is false. The link presented in the scam messages redirects to various untrusted and even malicious websites. Visiting and/or using the pages promoted via this spam mail can lead to a number of serious issues.

What kind of malware is BlackRock?

BlackRock is malicious software (banking malware) that specifically targets the Android operating systems on smartphones. BlackRock was first spotted in the second quarter of 2020.

This mobile malware is created using the source code of other malicious software called Xerxes (a strain of another banking Trojan called LokiBot). Note that BlackRock targets non-financial applications (e.g., dating, social media, communication) apps as well. I.e., cyber criminals behind BlackRock also target users who do not use mobile banking apps.

What is Lawvuhqjr?

Lawvuhqjr is malicious software belonging to the Snatch ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. I.e., victims cannot access the files affected by Lawvuhqjr, and they are asked to pay to recover access to them.

During the encryption process, affected files are appended with the ".lawvuhqjr" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.lawvuhqjr", "2.jpg" as "2.jpg.lawvuhqjr", "3.jpg" as "3.jpg.lawvuhqjr", and so on.

After this process is complete, ransom messages within "HOW TO RESTORE YOUR FILES.TXT" files are dropped into compromised folders.

What is NewTaber?

NewTaber is a browser hijacker promoting the newtaber.com fake search engine. Software within this classification promotes fake search engines by making modifications to browser settings. Additionally, browser hijackers typically have data tracking capabilities, and this is likely to apply to NewTaber.

Since most users download/install browser hijackers unintentionally, they are also categorized as Potentially Unwanted Applications (PUAs).