Virus and Spyware Removal Guides, uninstall instructions

What kind of application is SempervivumTectorum?

During our investigation of a malicious installer, we discovered concerning actions performed by the SempervivumTectorum browser extension, including enabling the "Managed by your organization" feature in Chrome settings and collecting user data. Thus, users who have SempervivumTectorum added to their browsers should remove the app as soon as possible.

What kind of scam is "Your Google Account Has Been Locked!"?

While inspecting deceptive sites, our research team discovered the "Your Google Account Has Been Locked!" scam. Specifically, it is a technical support scam.

It informs the website's visitor that their Google account has been blocked due to visits to harmful pages which pose significant threats. The scheme urges to call the provided helpline in order to unlock the device.

It must be stressed that all these claims are false, and this scam is in no way associated with Google LLC or any of its products/services.

What kind of application is Whatodo?

Our team assessed the Whatodo browser extension and determined that it functions as a browser hijacker. Its main objective is to promote gsrcunow.com, a fake search engine, by altering the settings of the compromised browser. Typically, users inadvertently introduce browser hijackers to their browsers.

What is "Donation From Coca-Cola"?

Following an analysis of this email, we have determined that it constitutes a fraudulent scheme. It masquerades as a communication from the Coca-Cola company. The scammers orchestrating such deceptive emails aim to obtain money or sensitive data from unsuspecting recipients. It is highly advisable to disregard and not engage with such emails.

What kind of page is arminuntor[.]com?

While inspecting arminuntor[.]com, our team found that this page presents misleading content to trick visitors into allowing it to send notifications. Additionally, arminuntor[.]com redirects visitors to other unreliable websites. Thus, it is highly recommended to avoid visiting arminuntor[.]com and similar pages.

What kind of malware is Hgfu?

While analyzing malware samples on the VirusTotal platform, we encountered the Hgfu ransomware belonging to the Djvu malware family. Upon infiltrating a computer, this ransomware encrypts data and adds the ".hgfu" extension to file names. For example, a file originally named "1.jpg" transforms into "1.jpg.hgfu", "2.png" changes to "2.png.hgfu", etc.

In addition to encrypting files, Hgfu generates a ransom note in the form of a text file titled "_readme.txt". The distribution of Hgfu may involve information-stealing malware such as Vidar and RedLine. Cybercriminals often employ these stealers to obtain sensitive information before using Djvu ransomware for data encryption.

What kind of malware is Hgew?

During our examination of malware samples submitted to VirusTotal, we came across a ransomware variant identified as Hgew. This particular ransomware is designed to encrypt files and alter their filenames by appending the ".hgew" extension. Furthermore, Hgew generates a ransom note, which can be located within a file named "_readme.txt".

An example of how Hgew changes filenames: it renames files like "1.jpg" to "1.jpg.hgew", "2.png" to "2.png.hgew" and so forth. Hgew belongs to the Djvu ransomware family. It means that cybercriminals may distribute this ransomware together with information-stealing malware such as RedLine or Vidar.

What kind of page is totalsystematicpcanalytic[.]info?

Totalsystematicpcanalytic[.]info is a rogue webpage designed to promote scams and spam browser notifications. It can also redirect users to other (likely unreliable/harmful) websites.

Most visitors to pages of this kind access them through redirects generated by sites utilizing rogue advertising networks. Our research team discovered the totalsystematicpcanalytic[.]info page while routinely investigating websites that use said networks.

What kind of application is DominantNetwork?

Our research team discovered the DominantNetwork adware-type app while checking out new file submissions to the VirusTotal website. This application is part of the AdLoad malware family. It is designed to run intrusive advertisement campaigns.

What kind of software is AI Image of the Day?

Our research team found the AI Image of the Day browser extension during a routine investigation of deceptive websites. This extension is endorsed as a tool that displays Artificial Intelligence (AI) generated browser wallpapers.

After testing this piece of software, we determined that it is a browser hijacker. AI Image of the Day makes changes to browser settings and potentially spies on users' browsing activity.