Virus and Spyware Removal Guides, uninstall instructions

Join MetaMask 3.0 Scam

What is the fake "Join MetaMask 3.0" website?

Upon examining this "Join MetaMask 3.0" website (server1.update-metamask.workers[.]dev), we determined that it is fake. It masquerades as the official site of the MetaMask cryptocurrency wallet. This "Join MetaMask 3.0" scam aims to trick users into exposing their digital wallets to a crypto drainer, which is designed to steal funds stored therein.

   
Privasea Registration Scam

What is the fake "Privasea Registration" website?

During a routine investigation, our researchers discovered this fake "Privasea Registration" site (registration-privasea[.]org; other domains are possible). The scam imitates the Privasea AI Network (privasea.ai) and promises rewards to entice users into exposing their digital wallets to a crypto drainer.

   
SOMO Registration Scam

What is the fraudulent "SOMO Registration" site?

Our team has examined the website (registration-somogames[.]com) and found that it is a scam website posing as the real SOMO page (somo.xyz). We also found that the purpose of the fraudulent page is to steal cryptocurrency. Therefore, it is highly advisable to avoid this site and always verify the legitimacy of websites.

   
Blockchain Rewards Email Scam

What is "Blockchain Rewards" scam campaign?

Our team has analyzed this scam campaign and found that there are at least two versions of this scam email. In both cases, the goal is to trick recipients into disclosing personal information on a deceptive website. Emails of this type are called phishing emails. Recipients should avoid such emails.

   
DARKSET Ransomware

What kind of malware is DARKSET?

DARKSET is a malicious program categorized as ransomware. It is designed to encrypt files and demand ransoms for their decryption.

On our testing system, DARKSET encrypted files and added a ".DARKSET" extension. For example, a file initially named "1.jpg" looked like "1.jpg.DARKSET", "2.png" as "2.png.DARKSET", etc. After this process was completed, the ransomware changed the desktop wallpaper and created a ransom-demanding message titled "ReadMe.txt".

   
Arcus Ransomware

What kind of malware is Arcus?

We have examined Arcus and found that it is ransomware with two variants, one of which is based on Phobos ransomware. It encrypts files and appends an extension to filenames (the extension depends on the ransomware variant). Also, Arcus provides a ransom note (the Phobos variant generates an "info.txt" file and displays a pop-up window; the second one drops the "Arcus-ReadMe.txt" file).

The Phobos variant renames files by appending the victim's ID, an email address, and the ".Arcus" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.id[9ECFA84E-3537].[arcustm@proton.me].Arcus" and "2.png" to "2.png.id[9ECFA84E-3537].[arcustm@proton.me].Arcus". The second variant appends "[Encrypted].Arcus" to filenames (e.g., "1.jpg[Encrypted].Arcus").

   
MrBeast Ransomware

What kind of malware is MrBeast?

MrBeast ransomware is malware designed to encrypt files to extract money from victims. Additionally, this ransomware renames files by appending the ".MrBeastOfficial@firemail.cc-MrBeastRansom" extension and provides two ransom notes (displays a pop-up message and creates a text file named "MrBeastChallenge.txt").

An example of how MrBeast ransomware changes filenames: it renames "1.jpg" to "1.jpg.MrBeastOfficial@firemail.cc-MrBeastRansom", "2.png" to "1.jpg.MrBeastOfficial@firemail.cc-MrBeastRansom", and so forth. It is important to clarify that MrBeast is an online alias of a popular YouTuber who has nothing to do with the ransomware.

   
Server Detected Network Error #404 Email Scam

What is "Server Detected Network Error #404"?

Our team has examined this email and found that it masquerades as a notification from an email service provider. The scammers behind this fraudulent email seek to steal personal information via a deceptive page. Such emails are known as phishing emails, and recipients should ignore them.

   
Traversol.co.in Ads

What kind of page is traversol.co[.]in?

While investigating suspect sites, our researchers discovered the traversol.co[.]in rogue page. After inspecting this webpage, we learned that it endorses browser notification spam and redirects users to different (likely untrustworthy/hazardous) websites.

The majority of visitors enter traversol.co[.]in and pages of this kind via redirects caused by sites that utilize rogue advertising networks.

   
Seedify Regstration Scam

What is the fake "Seedify Regstration" website?

While browsing suspicious websites, our researchers discovered the "Seedify Regstration" scam. It imitates the Seedify website (seedify.fund). The scheme operates as a cryptocurrency drainer and steals funds from exposed digital wallets. It must be emphasized that this scam is not associated with Seedify.

   

Page 32 of 2329

<< Start < Prev 31 32 33 34 35 36 37 38 39 40 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal