Virus and Spyware Removal Guides, uninstall instructions

What is the "I have got two not really pleasant news for you" scam email?

"I have got two not really pleasant news for you" refers to a sextortion spam campaign. The term "spam campaign" defines a large-scale operation during which deceptive emails are sent by the thousand.

The letters distributed through this campaign - use the sextortion scam model, which states that the sender has obtained explicit recordings (of a sexual nature) featuring the recipient. It must be emphasized that the claims made by "I have got two not really pleasant news for you" emails - are false.

Hence, no compromising videos of the recipient exist, and the scammers' threats are empty. Therefore, these scam letters must be ignored.

What is captcharesolver[.]com?

Captcharesolver[.]com is one of the many deceptive websites containing shady content and opening other pages of this kind. More examples of pages like captcharesolver[.]com are captchareverse[.]com, video-notification[.]digital, and ngthatwe[.]fun.

Usually, these pages get opened through various untrustworthy pages, dubious advertisements, or potentially unwanted applications (PUAs) that users have unknowingly installed on a browser or the operating system. In other words, users do not open/visit sites like captcharesolver[.]com on purpose.

What is CryptOstonE?

CryptOstonE is a new variant of the CryptoWire ransomware. Systems infected with this malware have their data encrypted and receive ransom demands for the decryption.

In other words, the files affected by CryptOstonE are locked and rendered useless, and victims are asked to pay - to recover access to their data. During the encryption process, CryptOstonE renames files by inserting ".encrypted" in-between the filename and its extension.

For example, a file initially titled something like "1.jpg" would appear as "1.encrypted.jpg", "2.jpg" as "2.encrypted.jpg", and so on. Once this process is complete, a ransom note is displayed in a pop-up.

There is reason to believe that CryptOstonE ransomware is still in development and may have been released for testing purposes. The pop-up window lacks the cyber criminals' contact details and payment information, which prevents victims from even attempting to meet the ransom demands.

What is Walgreens Rewards scam?

Walgreens is the name of the second-largest pharmacy store chain in the United States. Scammers behind this scam use Walgreens's name (and logo) to trick people into believing that they have been chosen as the winners of some prize that can be claimed through the website link in an email spam campaign that scammers use to promote this scam.

It is important to mention that that the same scam website promoted via email could be promoted via shady advertisements, other untrustworthy websites, and unwanted applications. In one way or another, it is strongly recommended to ignore scams like this one, they often are used to extract personal information.

What is captchareverse[.]com?

Сaptchareverse[.]com is a deceptive website designed to load questionable content and promote other pages of this kind. It is very similar to a great number of other sites.

A couple of examples are video-notification[.]digital, ngthatwe[.]fun, and ndmeeting[.]fun. Another thing that websites like captchareverse[.]com have in common is that users do not visit them intentionally.

Usually, users end up on them after clicking on deceptive advertisements, while visiting other questionable sites or when browsers have some potentially unwanted application (PUA) installed on them that regularly opens such pages.

What is bruklo[.]com?

Sharing many similarities with video-notification.digital, ngthatwe.fun, ndmeeting.fun, partmentha.fun, and thousands of others, bruklo[.]com is an untrustworthy website. It operates by presenting visitors with questionable content and/or redirecting them to other rogue and possibly malicious pages.

Users seldom enter such sites intentionally; most get redirected to them by intrusive ads or PUAs (Potentially Unwanted Applications) already installed onto their devices.

This software does not require explicit user consent to infiltrate systems. PUAs are designed to cause redirects, run intrusive advert campaigns, and collect browsing-related information.

What is 2122 ransomware?

Ransomware is a type of malicious software that is designed to make files inaccessible by encrypting them and generate a ransom note (create a text file, or display a pop-up window). Quite often, malware of this type renames encrypted files by appending its extension to their filenames. 2122 was discovered by Jakub Kroustek.

This ransomware variant is part of the Dharma ransomware family. It renames encrypted files by appending the victim's ID, 2021@onionmail.org email address, and ".2122" to their filenames.

For example, 2122 renames a file named "1.jpg" to "1.jpg.id-C279F237.[2021@onionmail.org].2122", "2.jpg" to "2.jpg.id-C279F237.[2021@onionmail.org].2122", and so on. 2022 both creates and displays a ransom note, the "FILES ENCRYPTED.txt" file, and a pop-up message.

What is the HPJ ransomware?

Discovered by Jakub Kroustek, HPJ is a malicious program, which belongs to the Dharma ransomware group. This malware is designed to encrypt data and demand ransoms for the decryption.

In other words, the files affected by HPJ become inaccessible/useless, and victims are asked to pay - to recover access/use of their data. During the encryption process, files are retitled following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address, and the ".HPJ" extension.

For example, a file initially named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[hpjar@keemail.me].HPJ" - after encryption. Once this process is complete, ransom-demanding messages are displayed/created in a pop-up window and "MANUAL.txt" text file.

What is HabitsRAT?

A remote administration Trojan (RAT) is a malicious software that gives the attackers the ability to access and control infected devices remotely. It is known that most cybercriminals use RATs to steal sensitive information, files and (or) distribute other malware.

Research shows that HabitsRAT is the name of a RAT written in Go programming language. Cybercriminals can use this malware to attack both Windows and Linux users. Although, HabitsRAT may be compatible with other operating systems in the future.

What is ConfigProgress?

ConfigProgress is an adware-type application with browser hijacker traits. It operates by delivering intrusive advert campaigns and promoting fake search engines through modification of browser settings.

Furthermore, most rogue apps of this type collect browsing-related data. Due to the questionable techniques employed in ConfigProgress' proliferation, it is also classified as a PUA (Potentially Unwanted Application).

This piece of software has been notably spread through fake Adobe Flash Player updates. It is important to mention that illegitimate updaters/installers may distribute malware (e.g., trojans, ransomware, etc.) as well.