Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "New Salary Changes"?

Our team has examined this email and concluded that it is a phishing email masquerading as a letter regarding salary changes. It is created to appear legitimate and trick unsuspecting recipients into disclosing personal information on a fake website. It is important to recognize such emails and avoid interacting with them.

What kind of malware is WeHaveSolution?

While examining malware samples uploaded to VirusTotal, we discovered ransomware known as WeHaveSolution. After infiltration, WeHaveSolution encrypts files, changes the desktop wallpaper, drops a ransom note ("READ_NOTE.html"), and appends the ".wehavesolution247" extension to filenames.

For example, it changes "1.jpg" to "1.jpg.wehavesolution247", "2.png" to "2.png.wehavesolution247", and so forth.

What is the fake "$MSC Token Airdrop"?

While inspecting dubious sites, our researchers discovered this fake "$MSC Token Airdrop" on app.mosaic[.]trading (keep in mind that it could be hosted elsewhere). The scam enticed users into exposing their digital wallet to a cryptocurrency drainer by promoting a fraudulent airdrop. Hence, victims of this scam experience financial loss.

What kind of email is "Webmail Validation Notice"?

Our inspection of the "Webmail Validation Notice" email revealed that it is spam. This message claims that incoming emails are failing to reach the recipient's inbox due to an unresolved error. With this lure, the letter tricks users into visiting a phishing website that targets email account log-in credentials.

What kind of malware is PSLoramyra?

PSLoramyra is a loader-type malware. Programs within this classification are designed to cause chain infections, i.e., download/install additional malware or malicious components. PSLoramyra is a rather sophisticated loader; it is considered a file-less malware since it executes its payload directly in memory.

What kind of malware is UwU?

While investigating new malware submissions to VirusTotal, our researchers discovered UwU ransomware. Malicious software within this classification encrypts data and demands payment for their decryption.

On our test machine, UwU encrypted files and altered their filenames by appending them with a ".MOONMAN" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.MOONMAN", "2.png" as "2.png.MOONMAN", and so on. After this process was completed, a ransom note – "READTHISNOW.txt" – was created.

What kind of page is everesthike[.]top?

Our researchers found the everesthike[.]top rogue page while investigating dubious websites. Upon inspection, we learned that this webpage promotes spam browser notifications and generates redirects to other (likely unreliable/hazardous) sites.

The majority of visitors to everesthike[.]top and similar pages access them through redirects caused by websites that employ rogue advertising networks.

What is the fake "$EBULL Airdrop"?

Our analysis of the website (ethereumbull[.]app) reveals that it impersonates the real site, ethereumbull.com. This fraudulent platform is designed to deceive users into actions that could lead to substantial financial losses. We strongly recommend exercising caution when encountering such sites to avoid falling victim to scams.

What is "I Have Penetrated Your Device's Operating System"?

We have reviewed this email and determined it to be fraudulent. It claims that a hacker has infiltrated the recipient’s operating system. There are at least two versions of this scam, with the alleged threat possibly phrased differently in other variants. However, the purpose of this scam is to extort money from victims.

What is the fake "Check MoveDrop Eligibility" website?

"Check MoveDrop Eligibility" is a scam that we discovered on movement-network[.]xyz (could be hosted elsewhere). It imitates Movement Network (movementnetwork.xyz) running an airdrop. Users are lured into exposing their digital wallets to a cryptocurrency drainer.

It must be emphasized that this scheme is not associated with the actual Movement Network or any other existing projects and entities.