Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is VipKeyLogger?

During our analysis of VipKeyLogger, we found that it is malware operating as a keylogger (keystroke logger). Threat actors use malware of this type to steal sensitive information from victims. We discovered that VipKeyLogger is delivered using fraudulent emails containing a malicious attachment.

What kind of malware is CryptoAITools?

CryptoAITools is the name of a cross-platform malware that seeks to steal cryptocurrency. This software can infect Windows and Mac operating systems.

CryptoAITools is a malicious Python package, and it has been distributed via PyPI (Python Package Index) and GitHub. In the known campaigns, this malware was spread under a sophisticated disguise as a cryptocurrency trading tool.

What kind of email is "American Express - Payment On Hold"?

After inspecting the "American Express - Payment On Hold" email, we determined that it is fake. This spam mail informs the recipient of a pending merchant credit, which will be charged after 48 hours. This email aims to lure recipients into visiting a phishing site that targets American Express account log-in credentials.

What is "$SpaceX Coin Airdrop"?

Our team has inspected the site and found that it hosts a fake airdrop (cryptocurrency giveaway). In this scam, fraudsters aim to trick individuals into believing that they can receive $SpaceX coins. However, whoever falls for this scam will likely lose their cryptocurrency holdings. Thus, this web page should be avoided.

What kind of extension is Volume booster - Increase Volume?

We have examined the Volume booster - Increase Volume extension and discovered that it has traits of adware. This extension promotes potentially malicious apps, websites, and more. Therefore, it is highly advisable not to trust Volume booster - Increase Volume extension and remove it from a web browser if it has already been added.

What is travelbugtab.com?

Our analysis of travelbugtab.com revealed that it is a fake search engine promoted through a browser hijacker, an extension called Travel Bug. Users should avoid adding browser hijackers and using shady search engines to avoid exposure to potentially malicious pages, scams, and other threats. If travelbugtab.com and Travel Bug are present within a browser, they should be removed.

What is "Staff Whose Employment Have Been Terminated"?

We have inspected this email and discovered that it is a scam. It is designed to appear as an important letter from an HR manager regarding employment termination. Our analysis has shown that the purpose of this scam email is to extract personal information from recipients. Such emails are known as phishing emails, and they should be ignored.

What is "PayPal - Avira Security Purchase"?

Our team has reviewed this email and determined that it is a fake letter posing as an invoice from Avira made via PayPal. Usually, scammers behind such emails seek to extract money and (or) personal information from recipients. It is important not to respond to such emails (or open their contents) to avoid potential consequences.

What kind of malware is Interlock?

Interlock is a ransomware that encrypts files and demands payment for the decryption. In addition to a Windows variant, there is a version of Interlock targeting Linux operating systems.

When we executed a sample of this ransomware on our test machine, it encrypted files and added a ".interlock" extension to their filenames. For example, a file originally named "1.jpg" appeared as "1.jpg.interlock", "2.png" as "2.png.interlock", etc. Afterward, Interlock dropped a ransom note titled "!__README__!.txt". Double extortion is also used to force victims into paying.

Interlock ransomware targets large entities and has been used in attacks leveraged against US governmental organizations and companies operating within the healthcare and technology spheres. Additionally, the malware was used to target manufacturing companies in Europe. However, Interlock attacks appear opportunistic and not exclusive to these sectors.

What kind of page is topsafeguardcenter[.]com?

While browsing suspect websites, our researchers discovered the topsafeguardcenter[.]com rogue page. It is designed to promote deceptive content and browser notification spam. The webpage can also redirect users elsewhere (likely untrustworthy/dangerous) sites.

Most visitors enter pages like topsafeguardcenter[.]com via redirects produced by websites that use rogue advertising networks.