Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Error Retrieving Information From Bank"?

While investigating suspect websites, our research team discovered the "Error Retrieving Information From Bank" scam. It falsely claims that there is an issue with the user's preferred payment method. Despite how the scam is presented, it is in no way associated with Google LLC or any of its services and platforms.

What kind of page is wholewownews[.]com?

Our research team found the wholewownews[.]com rogue page while inspecting suspicious websites. It operates by promoting browser notification spam and redirecting users to other (likely untrustworthy/hazardous) sites.

Most visitors to wholewownews[.]com and webpages akin to it enter them via redirects caused by sites that use rogue advertising networks.

What is the malicious "RedAlert - Rocket Alerts App"?

Malicious "RedAlert - Rocket Alerts App" – refers to a piece of software imitating the legitimate application of the same name developed by Elad Nava. The genuine app is designed to provide accurate and timely alerts regarding incoming airstrikes. This malicious software operates as spyware and collects sensitive user data.

The fake "RedAlert - Rocket Alerts App" is used to target Israelis. The emergence of this malicious app and other similar ones that are either fraudulent or trojanized – is concurrent with the 2023 Israel–Hamas war. Several such applications have been connected to pro-Palestinian hacktivist groups.

What kind of application is Hyaenidae?

After thoroughly examining the Hyaenidae browser extension, it has become clear that this extension cannot be relied upon. Hyaenidae is distributed via a malicious installer and encompasses features involving data reading and the manipulation of various Chrome browser settings as well as other components.

What kind of malware is EARTH GRASS?

During examination of samples submitted to the VirusTotal site, we have discovered a ransomware new variant of the WORLD GRASS ransomware dubbed EARTH GRASS. This ransomware encrypts files and appends the ".34r7hGr455" extension to the filenames of locked files. Also, it changes the desktop wallpaper and drops the "Read ME (Decryptor).txt" file containing a ransom note.

An example of how EARTH GRASS modifies filenames: it renames "1.jpg" to "1.jpg.34r7hGr455", "2.png" to "2.png.34r7hGr455", and so forth.

What kind of malware is 2023?

Our researchers found the 2023 ransomware-type program while inspecting new file submissions to the VirusTotal website. This program is designed to encrypt data and demand payment for its decryption. It is part of the Dharma ransomware family.

On our test machine, the 2023 program encrypted files and altered their filenames. Initial titles were appended with a unique ID, the cyber criminals' email address, and a ".2023" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.id-9ECFA84E.[servicehelp@onionmail.org].2023".

Once the encryption process was concluded, ransom notes were created/displayed in a pop-up window and a text file titled "README!.txt".

What is "PMR Law Group email virus"?

After a thorough examination of this email, it has been ascertained that it is a deceptive email designed to coax recipients into opening the attached file. The primary objective of the cybercriminals orchestrating this campaign is to mislead recipients into unwittingly running malicious software on their computers.

What kind of malware is Th?

During the examination of samples submitted to VirusTotal, the Th ransomware belonging to the Xorist family has been discovered. Cybercriminals utilize this malware to encrypt files. Additionally, Th renames files (adds the ".th" extension to filenames), displays an error window and creates the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" file (both containing the same ransom note).

An example of how files encrypted by Th are renamed: "1.jpg" is changed to "1.jpg.th", "2.png" to "2.png.th", and so forth.

What kind of malware is Vespy Grabber?

Vespy Grabber is a sophisticated and multifaceted malware that poses a grave risk to both individual users and organizations. Vespy Grabber is a highly invasive malware strain known for its extensive capabilities, ranging from capturing desktop and webcam screenshots to exfiltrating sensitive data from various sources.

What kind of malware is Ptrz?

During the analysis of malware samples using VirusTotal, we encountered a ransomware variant known as Ptrz. This ransomware is responsible for encrypting files and altering their filenames by appending the ".ptrz" extension. Furthermore, Ptrz generates a ransom note, which can be located within a file named "_readme.txt".

Ptrz alters filenames in the following manner: it transforms a file like "1.jpg" into "1.jpg.ptrz", "2.png" into "2.png.ptrz", etc. It is important to emphasize that Ptrz is associated with the Djvu ransomware family, and cybercriminals may distribute it alongside information-stealing malware like RedLine or Vidar.