Virus and Spyware Removal Guides, uninstall instructions

What is "Instagram password hacking tool"?

Cyber criminals attempt to trick users into installing malware on their computers in various ways. In most cases, they disguise a malicious file or program as legitimate and hope that users open/launch it. In this particular case, cyber criminals claim that there is a tool available, which is capable of hacking Instagram accounts.

Their main goal is to trick people into launching/executing an installer designed to install this tool. In fact, the installer is malicious and designed to infect operating systems with malware.

What is zmusic-online[.]com?

Sharing many similarities with routemob.com, rministencew.club, news-back.best and thousands of others, zmusic-online[.]com is a rogue website that redirects visitors to other untrusted/malicious sites and/or contains dubious content.

Most users access zmusic-online[.]com (and similar pages) when they are redirected to it by intrusive ad campaigns or Potentially Unwanted Applications (PUAs) already installed on the system. These apps do not need express user permission to infiltrate devices.

PUAs operate by causing redirects, running intrusive ad campaigns and collecting browsing-related information.

What is routemob[.]com?

routemob[.]com opens dubious websites or loads unwanted content. There are are many websites similar to routemob[.]com on the internet. Some examples are rministencew[.]club, news-back[.]best and sombes[.]com. Note that users do not often visit these sites intentionally - they are opened by installed potentially unwanted applications (PUAs).

Similarly, people do not often download or install PUAs intentionally.

What is "SD BIOSENSOR Email Virus"?

"SD BIOSENSOR" is yet another Coronavirus/COVID-19-themed spam campaign. The term "spam campaign" is used to define a large scale operation, during which thousands of deceptive/scam emails are sent. The messages are disguised as mail from a legitimate global bio-diagnostic company (SD BIOSENSOR).

These emails are presented as important orders concerning the pandemic, however, rather than containing this information, upon opening, the attached Excel file initiates download/installation of MassLogger malware.

What is Fob?

Discovered by Michael Gillespie, Fob is variant of WannaScream ransomware. Fob encrypts victims' files, modifies their filenames, creates and displays a ransom message. It renames encrypted files by adding the victim's ID and decrypt25@protonmail.com email address, and appending the ".Fob" extension to filenames.

For example, it renames a file called "1.jpg" to "1.jpg.[1E857D00[decrypt25@protonmail.com].Fob", "2.jpg" to "2.jpg.[1E857D00[decrypt25@protonmail.com].Fob", etc. It launches one a ransom message from the created "info.hta" file and creates another in a text file named "ReadMe.txt".

What kind of email is "2020 MASTERCARD USERS AWARD"?

Typically, scammers behind phishing emails seek to trick recipients into divulging various personal information. For example, passwords (login credentials), credit card details, and/or transferring certain sums of money.

Scammers send this particular email to deceive people into believing that their email address was selected as a winner of a "2020 MASTERCARD USERS AWARD" lottery.

What is the GraceWire Trojan?

GraceWire is malicious program classified as an information-stealing Trojan (stealer). Malware within this classification targets a wide variety of data and can cause especially serious issues. GraceWire has been observed being proliferated through a malicious website, which asks users to perform a 'CAPTCHA' to verify that they are not 'robots'.

When this is done, the site downloads a dangerous Excel spreadsheet, which, upon opening, initiates the infection process of GraceWire.

What is FRAT?

FRAT is a Remote Access Trojan (RAT), a type of malware program that allows cyber criminals responsible to monitor and control the infected computer. Generally, users install RATs on their computers inadvertently.

The malware is used to infect computers with other software of this kind and/or steal sensitive information and files that could be misused for malicious purposes. Research shows that FRAT collects information using Node.js, Sails, and Socket.IO.

What is Moba ransomware?

Moba is malicious software belonging to the Djvu ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, files are appended with the ".moba" extension.

To elaborate, following encryption, a file originally named something like "1.jpg" would appear as "1.jpg.moba", and so on for all affected files. After this process is complete, a ransom message ("_readme.txt") is dropped into compromised folders.

What is Pykw?

Belonging to a ransomware family called Djvu, Pykw encrypts files, appends its extension to each encrypted file, and creates a ransom message.

For example, it would rename "1.jpg" to "1.jpg.pykw", "2.jpg" to "2.jpg.pykw", and so on. Instructions about how to contact the cyber criminals behind Pykw are provided in the "_readme.txt" text file, which this ransomware drops in every folder that contains encrypted data.