Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "WebMail Server Manager"?
Our examination of the "WebMail Server Manager" email revealed that it is malspam. This spam letter informs the recipient that multiple messages have failed to reach their inbox.
Supposedly, the undelivered emails can be found in the attachments. The attached files are identical, and both are designed to infect systems with the Agent Tesla RAT (Remote Access Trojan).

What kind of application is AdAssistant?
AdAssistant is an application that our researchers discovered while inspecting deceptive sites. After investigating this piece of software, we determined that it is adware. Additionally, the installation setup containing AdAssistant was bundled with the Shop and Watch, ChatGPT Check, and NXD Fix rogue browser extensions.

What is "Shipping Bills & Export Declaration Form"?
After examining this letter, we have concluded that its intent is to deceive recipients into infecting their computers. The email appears to be correspondence related to shipping bills and export declaration forms, but it includes an attachment specifically crafted to introduce Remcos RAT into the targeted computers.

What kind of malware is NIGHT CROW?
Our research team discovered the NIGHT CROW ransomware while inspecting new submissions to the VirusTotal website. This program is designed to encrypt data and demand payment for its decryption.
On our test machine, NIGHT CROW encrypted files and appended an extension to their filenames. The filenames had ".NIGHT_CROW" added to them, e.g., a file initially named "1.jpg" appeared as "1.jpg.NIGHT_CROW", "2.png" as "2.png.NIGHT_CROW", etc. Afterward, a ransom note titled "NIGHT_CROW_RECOVERY.txt" was dropped.

What kind of malware is BBTok?
BBTok is a banking Trojan written in Delphi, equipped with specialized functionality that mimics the interfaces of over 40 Mexican and Brazilian banks. Its deceptive tactics involve luring victims into divulging their 2FA codes for bank accounts or their payment card numbers.
Additionally, BBTok boasts capabilities such as process enumeration and termination, control over keyboard and mouse functions, and manipulation of clipboard contents.

What kind of malware is IRATA?
IRATA is the name of an Android-specific malware. This program has spyware and stealer capabilities. It was discovered after a smishing (SMS phishing) attack in Iran. This campaign entailed legitimate-looking SMSes containing a link to a fake governmental website. The page urged visitors to download an app and pay a fee for the service.
It is noteworthy that IRATA has the ability to create a botnet from infected devices and use it to self-proliferate via spam text messages.

What kind of application is Shop and Watch?
During an examination of the Shop and Watch browser extension, we discovered that it displays annoying advertisements. Thus, Shop and Watch can be classified as adware. Also, Shop and Watch adds the "Managed by your organization" feature to Chrome browsers and can read various data. Users should not trust this application and should remove it from the affected browsers.

What is AnkylosaurusMagniventris?
While analyzing an untrustworthy installer obtained from an unreliable website, we came across the AnkylosaurusMagniventris browser extension. The investigation revealed troubling attributes linked to this extension, including its capacity to enable the "Managed by your organization" setting in the Chrome browser, collect user data, and manipulate browser components.

What kind of malware is LostTrust?
LostTrust is the name of a ransomware variant discovered by us while examining malware samples submitted to VirusTotal. The purpose of LostTrust is to encrypt data to make it inaccessible to victims. Also, LostTrust appends the ".losttrustencoded" extension to filenames and delivers a ransom note ("!LostTrustEncoded.txt").
An example of how LostTrust modifies filenames: it changes "1.jpg" to "1.jpg.losttrustencoded", "2.png" to "2.png.losttrustencoded", and so forth.

What kind of software is NXD Fix?
While investigating deceptive sites, we discovered an installer containing the NXD Fix browser extension. This piece of software is classified as a browser hijacker.
However, NXD Fix does not operate as a standard hijacker, i.e., it does not modify browser settings and does not routinely redirect to fake search engines. NXD Fix does promote nxdfix.com under specific circumstances.