Virus and Spyware Removal Guides, uninstall instructions

What is the fake "TRIAS Token Contract Swap"?

While browsing suspicious sites, our researchers discovered this fake "TRIAS Token Contract Swap" on newtriasmigrate[.]website (other domains are not unlikely).

The scam imitates the official Trias site (trias.one), and attempts to lure users into exposing their digital wallets to a crypto drainer by promoting a fake Trias cryptocurrency swap.

What kind of scam is "New Security Updates On Email Servers"?

Our team has examined this email and found that it is intended to appear as a notification from an email service provider regarding account security. This is a phishing email crafted by scammers who aim to steal personal information from recipients. It is worth noting that there are two versions of this scam email.

What kind of malware is Scp?

Our team has examined Scp ransomware (which we discovered during an analysis of malware samples submitted to the VirusTotal platform) and found that it belongs to the Makop family. Once infiltrated, Scp encrypts files, modifies filenames (by appending the victim's ID, an email address, and the ".scp" extension), and changes the desktop wallpaper.

An example of how files encrypted by Scp are renamed: "1.jpg" is changed to "1.jpg.[2AF20FA3].[studiocp25@hotmail.com].scp", "2.png" to "2.png.[2AF20FA3].[studiocp25@hotmail.com].scp", and so forth.

What kind of email is "Server Has Been Updated - Refresh Your Email"?

After examining "Server Has Been Updated - Refresh Your Email", we determined that it is spam. This fake message states that multiple emails were undelivered, and the account must be refreshed to release them into the inbox. This mail promotes a phishing website targeting email account log-in credentials.

What kind of page is andespath[.]top?

We have inspected andespath[.]top and discovered that it is created to lure visitors into accepting its notifications. Once permission is granted, andespath[.]top can show deceptive notifications. Therefore, users should avoid visiting andespath[.]top and never consent to receive notifications from such web pages.

What kind of website is lotus-tab.com?

Lotus-tab.com is a fake search engine. Typically, these sites cannot provide search results and redirect to legitimate search engines. Fraudulent search engines are commonly promoted (via redirects) by browser hijackers.

At the time of research, lotus-tab.com was endorsed by Lotus - Your Daily Focus New Tab. Note that this webpage could be pushed by other browser hijackers, and vice versa concerning Lotus - Your Daily Focus New Tab.

What kind of application is KipcApp?

While browsing suspect websites, our researchers found one promoting a rogue installer. Upon examination, we learned that it carries KipcApp – a PUA (Potentially Unwanted Application). The setup included multiple pieces of other suspicious software. PUAs are considered a threat, as they typically possess harmful capabilities.

What kind of email is "Avoid Mailbox Interruption"?

The "Avoid Mailbox Interruption" email is spam. This fake message claims that incoming emails have been placed on hold. The goal of this mail is to trick recipients into visiting a phishing site that seeks to extract their account log-in credentials.

What is "Elon Musk - Donation From Change"?

We have inspected this email and concluded that it is a phishing email. It is created to appear as a legitimate message regarding an ability to claim a large sum of money. Scammers behind this deceptive email aim to steal personal information and (or) money from unsuspecting recipients.

What is the fake "$APU Airdrop Registration" website?

During a routine investigative session, our research team discovered this fake "$APU Airdrop Registration" website (allocation-apustaja[.]com; potentially, other domains).

The page is presented as the official site of the APU cryptocurrency token (apu.com), which is running a limited-time airdrop. When victims connect their digital wallets to this scam – they are exposed to a crypto drainer that siphons the funds stored therein.