Virus and Spyware Removal Guides, uninstall instructions

What kind of application is ParaceratheriumBugtiense?

In the course of our examination of the ParaceratheriumBugtiense browser extension, we came across troubling activities, including the activation of the "Managed by your organization" function in Chrome settings and the collection of user data. Our encounter with ParaceratheriumBugtiense stemmed from our investigation of a harmful installer.

What kind of malware is Loda?

Loda, a remote access trojan (RAT), has remained actively employed by various threat actors since 2016. Its capabilities encompass activities like password theft, collecting sensitive data, keylogging, screen capture, and disseminating additional malicious payloads. Typically, Loda is delivered via phishing campaigns.

What kind of application is Rapid Spell Check Extension?

Upon evaluating Rapid Spell Check Extension, it became evident that its primary intention is to function as a browser hijacker, aiming to promote find.msrc-nav.com, a fake search engine. This extension alters browser settings to assert control. To prevent potential harm, users whose browsers have been hijacked by Rapid Spell Check Extension should promptly remove the application.

What kind of scam is "Adobe PDF Shared"?

Upon inspecting this email, we determined it to be a phishing attempt, posing as a notification regarding a shared document. Scammers employ this method to deceive recipients into visiting a fake website and divulging sensitive information. Consequently, we strongly advise recipients to refrain from engaging with this email and to disregard it.

What kind of application is IchthyostegaStensioei?

During our investigation into the IchthyostegaStensioei browser extension, we discovered concerning actions such as enabling the "Managed by your organization" feature within Chrome settings and gathering user data. Our encounter with IchthyostegaStensioei arose as a result of our examination of a potentially harmful installer that had been downloaded from a dubious site.

What kind of page is getpotectnow[.]click?

While checking out suspect websites, our research team discovered the getpotectnow[.]click rogue page. It operates by promoting scams and browser notification spam. This webpage can also redirect visitors to different (likely dubious/malicious) sites.

Most users access pages like getpotectnow[.]click through redirects generated by websites that utilize rogue advertising networks.

What kind of page is generalprotection[.]click?

Generalprotection[.]click is a rogue page that our researchers discovered during a routine inspection of dubious websites. It is designed to run scams and push spam browser notifications. Additionally, this webpage can redirect users to other (likely unreliable/dangerous) sites.

Visitors to generalprotection[.]click and pages akin to it access them primarily via redirects generated by websites that employ rogue advertising networks.

What kind of malware is Alvaro?

Alvaro is a ransomware-type program designed to encrypt files and demand ransoms for their decryption. After we launched a sample of Alvaro on our test system, it encrypted files and altered their filenames.

Titles of the affected files were appended with the attackers' email, a unique ID assigned to the victim, and a ".alvaro" extension. For example, a file named "1.jpg" appeared as "1.jpg.EMAIL = [alvarodecrypt@gmail.com]ID = [20240].alvaro". After this process was completed, a ransom-demanding message titled "FILE ENCRYPTED.txt" was dropped.

What kind of email is "Incoming Messages Were Not Delivered"?

Our inspection of the "Incoming Messages Were Not Delivered" email revealed that it is spam. This letter claims that several messages failed to reach the recipient's inbox. This mail targets email passwords, which are extracted through a phishing site disguised as an account sign-in page.

What kind of page is mca-track[.]online?

While inspecting suspicious websites, our research team discovered the mca-track[.]online and mcatrack[.]online rogue pages. They are designed to promote scams and browser notification spam. Additionally, such webpages can redirect visitors elsewhere (likely unreliable/malicious sites). Most users access pages like these via redirects caused by websites that utilize rogue advertising networks.