Virus and Spyware Removal Guides, uninstall instructions

What kind of page is euopue[.]click?

In our analysis of euopue[.]click, we discovered that the site's purpose is to obtain permission to show notifications. Euopue[.]click uses a deceptive method to trick users into allowing it to send notifications. Therefore, it is advisable to avoid visiting euopue[.]click.

What kind of page is behque[.]click?

Our researchers discovered the behque[.]click rogue website during a routine inspection of suspicious sites. Upon examination, we determined that this page endorses browser notification spam and generates redirects to other (likely unreliable/dangerous) websites.

The majority of visitors to behque[.]click and analogous webpages access them via redirects produced by sites that utilize rogue advertising networks.

What is the fake "$OBT Airdrop"?

"$OBT Airdrop" is a scam that masquerades as the official website of Orbiter Finance (orbiter.finance). The fake site promotes an airdrop of the OBT token (Orbiter Finance's native token). Users who attempt to participate in this bogus event – inadvertently expose their digital wallets to a cryptocurrency drainer.

What kind of malware is EByte Locker?

We discovered EByte Locker while analyzing malware samples submitted to VirusTotal. During the inspection, we found that EByte Locker is ransomware based on Prince. Upon infiltration, EByte Locker encrypts files and appends ".EByteLocker" to them. It also changes the desktop wallpaper and provides a ransom note ("Decryption Instructions.txt").

Here is an example of how EByte Locker renames files: it changes "1.jpg" to "1.jpg.EByteLocker", "2.png" to "2.png.EByteLocker", etc.

What is Traw Dapp?

Our investigation into the Traw Dapp shows that security vendors classify it as malicious, and the app lacks any identifiable functions. Additionally, Traw Dapp is used to deliver Legion Loader, malware that can deliver harmful payloads. As a result, users should not install Traw Dapp and promptly remove it if it is already present.

What kind of malware is Spring?

Spring is a malicious program based on CONTI ransomware. It is designed to encrypt data and demand ransoms for the decryption.

Spring ransomware encrypts files and appends their names with a ".FIND_EXPLAIN.TXT.spring" extension. To elaborate, a file initially named "1.jpg" appears as "1.jpg.FIND_EXPLAIN.TXT.spring", "2.png" as "2.png.FIND_EXPLAIN.TXT.spring", and so on for all of the locked files. Afterward, Spring creates a ransom note titled "EXPLAIN.txt".

What kind of scam is "FedEx Delivery Address Confirmation"?

During our analysis, we discovered that this is a phishing email disguised as a notification from FedEx, a legitimate American company specializing in transportation, e-commerce, and business services. The purpose of this deceptive email is to extract personal information from recipients through a phishing site.

What kind of malware is PNGPlug?

PNGPlug is a malware loader used in attacks targeting Chinese-speaking regions (such as Hong Kong, Taiwan, and mainland China). These campaigns often start with phishing websites designed to deceive users into running a malicious Microsoft Installer (MSI) package camouflaged as legitimate software.

What is the fake "Claim Obol" website?

After inspecting this "Claim Obol" website (claim.obol[.]bet; other domains are not unlikely), we determined that it is fake. It imitates the official site of the Obol Collective (obol.org), yet it is in no way associated with this platform. The imitator page promotes a cryptocurrency drainer that steals funds from exposed digital wallets.

What kind of email is "Bittrex Inc Bankruptcy Notice"?

After examining this "Bittrex Inc Bankruptcy Notice" email, we determined that it is spam. This fake message states that account holders with the Bittrex cryptocurrency exchange can reclaim their holdings, and the recipient can now transfer over four thousand USD of their digital assets. The scam email promotes a crypto drainer website that siphons funds from exposed digital wallets.