Virus and Spyware Removal Guides, uninstall instructions
What is the "Important: You have 19 Pending incoming email(s)" deceptive letter?
"Important: You have 19 Pending incoming email(s)" is the title of a scam email. This message warns recipients that certain emails will be deleted due to a server error, unless they update their email servers. In fact, the link in the message redirects to a phishing website hosted by the Googleapis API service.
The site is presented as a log-in page through which users can supposedly access their email accounts; however, any information entered into this web page is exposed to the scammers.
What is TroyStealer?
TroyStealer is malicious software designed to steal information. This stealer has been observed being distributed via spam email campaigns. The deceptive messages spreading this malware were targeted at Portuguese users.
The researched email variant was presented as a notification of a declined payment, which supposedly failed to go through due to incorrect bank account details provided by the recipient. However, the attached file, which allegedly contains the erroneous information, instead contains the malicious executable of TroyStealer.
What is cooperativasantamargherita[.]com?
When opened, cooperativasantamargherita[.]com redirects visitors to other bogus web pages or displays dubious content. This is a rogue website, which operates in a similar way to sabs-news[.]info, pushcleansystem[.]com, checkvd[.]com, and many others.
Typically, sites such as cooperativasantamargherita[.]com are opened through deceptive ads, similar sites, or by installed potentially unwanted applications (PUAs). That is, users do not often visit these web pages intentionally. These PUAs also gather data and display ads.
What is ESCAL?
ESCAL was discovered by Ravi. This ransomware prevents victims from accessing/using their files by encrypting them. It renames the files and drops the "!!_FILES_ENCRYPTED_.txt" text file (ransom message) in every folder that contains encrypted files. ESCAL renames files by appending the ".ESCAL-p9yqoly" extension to their filenames.
For example, it would rename a file such as "1.jpg" to "1.jpg.ESCAL-p9yqoly", "2.jpg" to "2.jpg.ESCAL-p9yqoly", etc.
What is HCK ransomware?
Discovered by Jakub Kroustek, HCK is a malicious program belonging to the Dharma ransomware family. Systems infected with this malware experience data encryption, and users receive ransom demands for decryption.
During the encryption process, all affected files are renamed following this pattern: original filename, unique ID assigned to the victim, the cyber criminals' email address, and the ".HCK" extension. For example, a file such as "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[cavefat@tuta.io].HCK" after encryption.
Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text files, which are dropped into every compromised folder.
What is seamletneds[.]club?
seamletneds[.]club operates in a similar manner to sabs-news[.]info, pushcleansystem[.]com, checkvd[.]com, and many other websites - it redirects visitors to various other untrusted web pages or displays dubious content.
Generally, users do not visit these sites intentionally - seamletneds[.]club and other sites are opened via deceptive advertisements, other dubious websites, or by installed potentially unwanted applications (PUAs). These rogue apps often force users to visit dubious web pages. They also gather information and serve advertisements.
What is click-to-win-prize[.]com?
click-to-win-prize[.]com is one of many untrusted websites that redirect visitors to other web pages of this kind, or load dubious content. Some examples of similar sites are sabs-news[.]info, pushcleansystem[.]com and checkvd[.]com.
Users do not often visit these pages intentionally - in most cases, they are opened through clicks on dubious ads, other bogus websites, or by installed potentially unwanted applications (PUAs). Note that PUAs are often designed to open bogus web pages, gather browsing-related information, and serve various advertisements.
What is the fake "National Bank of Greece" email?
The "National Bank of Greece" email is a deceptive message distributed in large numbers via operations called "spam campaigns". These particular scam emails target Greek users.
The messages supposedly concern bank transfer proposals and have a transaction receipt attached to them. However, upon opening, the attached file triggers download/installation of the NanoCore RAT (Remote Access Trojan). This type of malware allows remote access and control over the infected system.
RATs have a wide range of functionality, which enables correspondingly varied misuse of the compromised device.
What is Hlpp ransomware?
Discovered by Jakub Kroustek, this ransomware is a part of the Dharma ransomware family. It is designed to encrypt victims' files, change the filenames, and provide instructions about how to contact the developers. It renames encrypted files by adding the victim's ID and the hlpp@protonmail.ch email address, and appending the ".hlpp" extension to filenames.
For example, it would rename a file such as "1.jpg" to "1.jpg.id-1E857D00.[hlpp@protonmail.ch].hlpp", "2.jpg" to "2.jpg.id-1E857D00.[hlpp@protonmail.ch].hlpp", and so on. Instructions about how to contact Hlpp's developers are provided in the created "FILES ENCRYPTED.txt" text file and pop-up window.
What is Nypd?
Nypd belongs to the Djvu ransomware family. Like most ransomware-type programs, it encrypts files, changes their filenames by appending an extension, and creates a ransom message that contains instructions about how to contact the developers. Nypd appends the ".nypd" extension to files.
For example, it would rename a file such as "1.jpg" to "1.jpg.nypd", "2.jpg" to "2.jpg.nypd", and so on. It drops the "_readme.txt" text file (ransom message) in every folder that contains encrypted files.