Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is PepeCry?

PepeCry is ransomware discovered during an analysis of samples uploaded to the VirusTotal website. PepeCry is designed to encrypt files (which makes them inaccessible), add the ".cry" extension to filenames, and display a ransom note. An example of how PepeCry modifies filenames: it renames "1.jpg" to "1.jpg.cry", "2.png" to "2.png.cry", and so forth.

What kind of app is RosaCanina?

RosaCanina is a browser extension that has come under scrutiny when examining a malicious installer hosted on a suspicious website. This browser extension possesses several noteworthy capabilities, some of which have raised concerns regarding user privacy and browser security.

What kind of page is myabsconds[.]com?

Myabsconds[.]com is a rogue webpage discovered by us during a routine investigation of dubious sites. It is designed to push browser notification spam and redirect visitors to other (likely untrustworthy/malicious) websites.

Users primarily access pages like myabsconds[.]com through redirects generated by sites that employ rogue advertising networks.

What kind of software is Best Friend Backgrounds?

Our research team discovered the Best Friend Backgrounds browser extension during a routine investigation of untrustworthy sites. This extension promises to display canine-themed browser wallpapers.

After analyzing this piece of software, we determined that it is a browser hijacker. Best Friend Backgrounds makes alterations to browser settings in order to promote (through redirects) the bestfriendbackgrounds.com fake search engine.

What kind of email is "Bank Of America - Fund Transfer"?

After reviewing "Bank Of America - Fund Transfer", we determined that it is a phishing email. This letter name-drops several genuine entities and claims that through their joint efforts, a large monetary fund will be dispersed between 700,000 people across America, Europe, and Asia – and the email recipient is one of them. This mail targets personally identifiable data.

It must be stressed that all the information provided by this spam email is false, and this mail is in no way associated with any legitimate companies or organizations.

What kind of malware is Millenium?

Millenium malware is a Remote Access Trojan (RAT). Programs categorized as such are designed to enable attackers to have remote access and control over infected machines. RATs tend to be highly versatile, and Millenium is not an exception. It can execute various commands on compromised devices, and this trojan has extensive data-stealing capabilities.

What kind of malware is GoldDigger?

GoldDigger is an Android Trojan with a focus on financial institutions, having been operational since at least June 2023. This Trojan camouflages itself as a counterfeit Android app, capable of mimicking both a Vietnamese government portal and a local energy firm, all with the primary objective of pilfering banking credentials.

What kind of email is "A Payment Has Been Posted On Your Card"?

After reviewing the "A Payment Has Been Posted On Your Card" email, we determined that it is fake. Presented as a notification from American Express, it claims that the recipient has been given a reward payment.

The letter instructs to download and access the attachment, thus validating the payment and releasing it to their account. However, the attachment is a phishing file that targets log-in credentials.

It must be emphasized that all the claims made by this email are false, and this mail is not associated with the actual American Express Company.

What kind of application is Carnivora?

Carnivora is a malicious browser extension that has been discovered during analysis of a malicious installer hosted on a suspicious website. Carnivora is capable of performing actions such as adding the "Managed by your organization" feature to browsers, managing themes and extensions, and reading various data.

What kind of malware is SaveLock?

SaveLock is a ransomware-type program discovered during a routine investigation of new submissions to the VirusTotal site. This malicious program is part of the MedusaLocker ransomware family. SaveLock operates by encrypting data to demand ransoms for its decryption.

On our testing system, this ransomware encrypted files and altered their filenames. Original names were appended with a ".savelock52" extension, e.g., a file like "1.jpg" appeared as "1.jpg.savelock52", "2.png" as "2.png.savelock52", and so on for all of the locked files.

After the encryption process was completed, a ransom-demanding message titled "How_to_back_files.html" was dropped. The text therein makes it evident that SaveLock targets companies and utilizes double extortion tactics.