Virus and Spyware Removal Guides, uninstall instructions

What is thi-tl websites?

Thi-tl is a series of domains with different numbers in their URLs. We discovered the purpose of these pages is to trick visitors into permitting them to show notifications. When on thi-tl sites, users are presented with a misleading message (or messages). Pages that use deception to obtain permission to send notifications should be avoided.

What kind of malware is Biobio (Kasper)?

While investigating new malware submissions to VirusTotal, our researchers discovered the Biobio ransomware. It is a variant of the Kasper ransomware. Programs of this kind encrypt data and demand ransoms for its decryption.

On our test machine, Biobio (Kasper) ransomware encrypted files and modified their names. Original filenames were appended with the attackers' email address, a unique ID assigned to the victim, and a ".biobio" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.EMAIL=[biobiorans@gmail.com]ID=[CC3B1F89FAA517E4].biobio".

After the encryption process was completed, a ransom-demanding message was created in a text file named "biobio ransmoware.txt".

What kind of page is befimtiboagop[.]com?

Our researchers discovered befimtiboagop[.]com during a routine inspection of dubious websites. Upon examination, we learned that this rogue page promotes browser notification spam and redirects to other (likely unreliable/hazardous) sites. Most visitors enter befimtiboagop[.]com and webpages akin to it via redirects caused by websites that utilize rogue advertising networks.

What kind of page is wouldlottads[.]top?

Our inspection of wouldlottads[.]top revealed it to be a deceptive webpage designed to gain permission to send notifications using clickbait tactics. Users should avoid visiting wouldlottads[.]top and similar sites. If you have already granted wouldlottads[.]top permission to send notifications, it is recommended to revoke this permission.

What kind of page is thedilgad[.]top?

During our inspection of thedilgad[.]top, we found it to be a deceptive web page. It is designed to obtain permission to show notifications through clickbait. Users should avoid visiting thedilgad[.]top and similar web pages. If thedilgad[.]top already has permission to send notifications, this permission should be revoked.

What kind of page is alkads[.]com?

We have inspected alkads[.]com and learned that it is a shady website created to deceive visitors into granting it permission to display notifications. Like most web pages of this type, alkads[.]com uses clickbait to obtain that permission. Users should avoid visiting alkads[.]com and similar sites.

What kind of page is bivos[.]xyz?

We have inspected bivos[.]xyz and concluded that it is an unreliable website designed to lure visitors into accepting to receive its notifications. Also, if allowed, bivos[.]xyz sends misleading notifications (e.g., fake warnings). Therefore, users should avoid bivos[.]xyz and not allow it to show notifications.

What kind of page is toreffirmading[.]com?

Our researchers discovered the toreffirmading[.]com rogue page while investigating suspect websites. After examining this webpage, we learned that it promotes browser notification spam and generates redirects to different (likely unreliable/hazardous) sites.

Users primarily access pages like toreffirmading[.]com through redirects caused by websites that employ rogue advertising networks.

What is the fake "$AVAIL Airdrop" website?

Our researchers discovered this fake "$AVAIL Airdrop" on sign-in-availproject.pages[.]dev (but it could be hosted elsewhere). This page imitates the Avail platform (availproject.org). It entices users with a promise of an AVAIL token airdrop.

This scam aims to deceive users into exposing their digital wallets to a cryptocurrency drainer. It must be emphasized that this airdrop is fake, and it is not associated with the actual Avail platform.

What kind of page is himalayaview[.]top?

Our researchers discovered the himalayaview[.]top rogue page while browsing suspicious sites. Upon inspection, we determined that it promotes browser notification spam and redirects users to different (likely untrustworthy/hazardous) websites.

Most visitors access himalayaview[.]top and similar webpages via redirects caused by sites using rogue advertising networks.