Virus and Spyware Removal Guides, uninstall instructions

U.S. Small Business Administration Email Virus

What is the fake "U.S. Small Business Administration" email?

The "U.S. Small Business Administration" email is part of yet another spam campaign exploiting the Coronavirus/COVID-19 pandemic.

Supposedly from the US Small Business Administration (SBA), the emails claim to contain information regarding the Paycheck Protection Program, Economic Injury Disaster Loans and Emergency Grants, and Small Business Debt Relief as part of the CARES (Coronavirus Aid, Relief, and Economic Security) Act.

These emails are designed to target small business owners/representatives, possibly SBA applicants who had their personally identifiable information exposed. The messages have infectious files attached, which contain GuLoader malware. This, in turn, infects systems with the Remcos Remote Access Tool (RAT).

When used for malicious purposes, this software is termed a 'Remote Access Trojan'.

   
TopicFirst Adware (Mac)

What is TopicFirst?

TopicFirst is a potentially unwanted application (PUA), an adware-type app supposedly designed to improve the browsing experience. In fact, it serves advertisements, promotes Safe Finder (by opening it via akamaihd.net) and might also gather information. Users often download and install adware unintentionally and, therefore, TopicFirst is categorized as a PUA.

   
Hupigon RAT

What is the Hupigon RAT?

Hupigon is a Remote Access Trojan (RAT). Malware of this type allows remote access to and control over the infected device, at almost user level. RATs can have a range of capabilities, which enable correspondingly varied misuse. In the case of Hupigon, as well as granting access/control, it also has significant information-stealing capabilities.

This Trojan has been distributed for an extensive period of time using a variety of tactics. Recently, however, it was distributed using adult dating-themed spam campaigns, largely targeting faculty members and students of United States universities and colleges.

   
Shootlock Ransomware

What is Shootlock?

Discovered by Michael Gillespie, Shootlock is a malicious program and a new Makop ransomware variant. This malware encrypts data of the infected system to demand ransom payments for decryption tools/software.

When Shootlock ransomware encrypts data, all affected files are renamed according to the following pattern: original filename, unique ID assigned to victims, cyber criminals' email address and the ".shootlock" extension.

For example, a file such as "1.jpg" would appear as something similar to "1.jpg.[E38D7F03].[n0pr0blems@protonmail.com].shootlock" following encryption.

Once this process is complete, a ransom message ("readme-warning.txt") is created on the desktop. Updated variants of this ransomware use the ".[troubleshooter@cock.li].shootlock" extension for encrypted files.

   
BazarBackdoor Malware

What kind of malware is BazarBackdoor?

BazarBackdoor was developed by the cyber criminals who developed TrickBot. They use this 'backdoor' malware as a tool to compromise infected networks. They might also use it to attack regular users. In most cases, threat actors use software such as BazarBackdoor to steal sensitive, financial data, and install additional malware.

If you have BazarBackdoor or other malware installed on your computer, remove it immediately.

   
Translations Instant Browser Hijacker

What is Translations Instant?

Like most browser hijackers, Translations Instant changes certain browser settings to the address of a fake search engine in order to promote it. In this case, it sets them to translationsinstanthtab.com. Apps of this type commonly record various user-system information (typically, browsing-related details) as well.

People often download apps such as Translations Instant inadvertently and, therefore, these browser hijackers are categorized as potentially unwanted applications (PUAs).

   
Easy News Now Adware

What is Easy News Now?

Easy News Now is advertised as an app that provides quick access to various news-related web pages; however, it is a potentially unwanted application (PUA) classified as adware. Easy News Now serves advertisements and might collect browsing-related (and other) information.

Adware-type apps are classified as PUAs, since people tend to download and install them inadvertently.

   
Search Sherpa Browser Hijacker

What is Search Sherpa?

Search Sherpa is a browser hijacker. This piece of software modifies browser settings to promote search-sherpas.com, a fake search engine. Furthermore, it possesses data tracking capabilities employed to monitor users' browsing activity. Due to its dubious proliferation methods, Search Sherpa is also classified as a Potentially Unwanted Application (PUA).

   
Zorgo Ransomware

What is Zorgo?

Zorgo is a malicious ransomware-type program based on HiddenTear. It is designed to encrypt the data of infected systems in order to demand payment for decryption. During the encryption process, all affected files are appended with the ".zorgo" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.zorgo" following encryption. After this process is complete, a file named "READ_IT.txt" containing the ransom message is dropped into every compromised folder. Additionally, Zorgo changes the desktop wallpaper.

   
InteractivePremium Adware (Mac)

What is InteractivePremium?

InteractivePremium is a rogue application classified as adware. It runs intrusive advertisement campaigns. Additionally, it has browser hijacker characteristics. InteractivePremium modifies browsers to promote bogus search engines. This app promotes Safe Finder via akamaihd.net.

Most adware-type apps and browser hijackers have data tracking capabilities, which are employed to monitor users' browsing habits. Due to InteractivePremium's dubious proliferation methods, it is classified as a Potentially Unwanted Application (PUA).

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
