Virus and Spyware Removal Guides, uninstall instructions
What is Matiex?
Matiex is a keystroke logger that is also capable of taking screenshots, recording sound with the computer microphone and recording data saved in the system clipboard. Its users can receive logged data via Telegram, SMTP, FTP and Discord. Research shows that this keystroke logger can be purchased for US$25, $60, or $99 depending on the subscription plan.
Generally, cyber criminals attempt to deceive users into installing this software on their computers in order to steal sensitive information, which can then be misused to generate revenue.
What is "Deutsche Bank Email Virus"?
"Deutsche Bank Email Virus" is a spam campaign distributing fake Deutsche Bank emails. Deutsche Bank is a legitimate multinational investment bank and financial services company. The aforementioned messages are disguised as mail from this bank.
The bank/company is in no way associated with these scam emails. The messages claim that a large sum has been transferred into the recipient's bank accounts. Note that this spam campaign proliferates HawkEye malware.
What is ERROR ransomware?
ERROR is a part of the GlobeImposter ransomware family. This ransomware encrypts files, renames them and creates a ransom message. It renames encrypted files by appending the ".ERROR" extension to filenames. For example, "1.jpg" would be renamed to "1.jpg.ERROR", "2.jpg" to "2.jpg.ERROR", etc.
It also creates "how_to_back_files.html", an HTML file containing instructions about how to contact ERROR's developers plus some other information.
What is the WellMess RAT?
WellMess, also known as WellMail, is a Remote Access Tool (RAT); however, when software programs of this type are used in a malicious capacity, they are referred to as Remote Access Trojans. Malware of this type enables remote access and control over an infected machine.
RATs can have a wide variety of functionality, which can be misused in likewise varied ways. The WellMess Trojan is cross-platform malware, targeting Windows and Linux operating systems. This malicious program has been observed being leveraged against Japanese organizations. RATs are classified as high-risk malware and such infections necessitate immediate removal.
What is Mnbzr?
Mnbzr belongs to the Dharma ransomware family. Malware of this type is generally designed to encrypt files, change their filenames and generate a ransom message. Mnbzr renames files by adding the victim's ID and the trfgklmbvzx@aol.com email address, and appending the ".mnbzr" extension to filenames.
For example, a file named "1.jpg" is changed to "1.jpg.id-1E857D00.[trfgklmbvzx@aol.com].mnbzr", "2.jpg" to "2.jpg.id-1E857D00.[trfgklmbvzx@aol.com].mnbzr", and so on. Instructions about how to contact the cyber criminals behind Mnbzr can be found in a pop-up window and "FILES ENCRYPTED.txt" ransom message.
What is CentralLot?
CentralLot is a rogue application categorized as adware with browser hijacker traits. It operates by running intrusive ad campaigns, making changes to browser settings and promoting fake search engines. CentralLot promotes Safe Finder through akamaihd.net in this way.
Most adware-type apps and browser hijackers monitor browsing activity, and CentralLot is likely to have these data tracking capabilities as well. Due to the dubious techniques employed to proliferate this app, it is classified as a Potentially Unwanted Application (PUA).
What is ScanUtilities?
ScanUtilities is software promoted as a tool capable of speeding up and improving system performance; however, due to the dubious methods used to proliferate this application, it is classified as a Potentially Unwanted Application (PUA). Usually, software within this classification is nonoperational (i.e. unable to perform the advertised functionality).
Additionally, PUAs often have a number of dangerous capabilities not mentioned in their promotional material.
What is the SNT2 ransomware?
SNT2 is a malicious program belonging to the Matrix ransomware family. This malware is designed to encrypt data and demand payment for decryption.
During the encryption process, all compromised files are renamed following this pattern: "[SantaGman@criptext.com].[random-string].SNT2", consisting of the cyber criminals' email address, a string of random characters, and the ".SNT2" extension.
For example, a file originally named "1.jpg" would appear as something similar to "[SantaGman@criptext.com].2JKbY3K2-aNLTnpbL.SNT2" following encryption. Once this process is complete, ransom messages within "#SNT2_INFO#.rtf" files are dropped into affected folders.
What is Kook?
Kook is malicious software belonging to the Djvu ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, all compromised files are appended with the ".kook" extension.
For example, a file named something like "1.jpg" would appear as "1.jpg.kook" following encryption. Once this process is complete, a ransom message within the "_readme.txt" file is created.
What is Tcprx ransomware?
Discovered by Marcelo Rivero, Tcprx is malicious software belonging to the Dharma ransomware family. It operates by encrypting data and demanding payment for decryption. During the encryption process, all affected files are renamed according to this pattern: original filename, unique ID, cyber criminals' email address and the ".tcprx" extension.
For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[tcprx@tutanota.com].tcprx" following encryption. An updated variant of this ransomware uses the ".[tcprx@cock.li].tcprx" extension.
After this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text files, which are dropped into compromised folders.