Virus and Spyware Removal Guides, uninstall instructions

What kind of website is smartshopsearch.com?

Smartshopsearch.com is the address of an illegitimate search engine. Websites of this kind are typically promoted by browser hijackers. This software modifies browser settings in order to cause redirects to endorsed sites. Additionally, fake search engines and browser hijackers usually have data-tracking functionalities.

What kind of page is obsidiancutter[.]top?

Our research team discovered the obsidiancutter[.]top rogue webpage while investigating untrustworthy sites. This page is designed to promote browser notification spam and redirect visitors to other (likely unreliable/harmful) websites.

Most users access obsidiancutter[.]top and webpages akin to it via redirects generated by sites that use rogue advertising networks.

What kind of malware is Babylon?

Babylon is the name of a Remote Access Trojan (RAT). This program is designed to allow remote access and control over infected machines. Like most trojans of this kind, Babylon is multi-functional. It can perform various commands on compromised devices, and as such, it is deemed to be a high-risk threat.

What kind of email is "American Express Merchant Reward"?

After examining the "American Express Merchant Reward" email, we determined that it is fake. This spam letter claims that the recipient has an incoming payment, to receive which – they must update and verify their account. It must be emphasized that this phishing mail is in no way associated with the actual American Express Company.

What kind of page is mountaincaller[.]top?

While examining this page, we noticed that shows misleading content to trick visitors into agreeing to receive notifications. Also, mountaincaller[.]top redirects visitors to similar websites. Thus, it is highly advisable not to visit mountaincaller[.]top. It is worth mentioning that users rarely open such pages on purpose.

What kind of malware is Black Hunt 2.0?

While investigating new submissions to the VirusTotal site, our research team discovered the Black Hunt 2.0 ransomware. This malicious program encrypts data and demands ransoms for its decryption.

On our test machine, Black Hunt 2.0 encrypted files by appending their filenames with a unique ID assigned to the victim, the cyber criminals' email address, and a ".Hunt2" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.[H5uuEUou7Ulql9eQ].[dectokyo@onionmail.org].Hunt2", and so on.

Afterward, Black Hunt 2.0 created several ransom-demanding messages. It displayed one note before the log-in screen, another in a pop-up widow ("#BlackHunt_ReadMe.hta"), and a text file ("#BlackHunt_ReadMe.txt"). Additionally, this ransomware changed the desktop wallpaper.

What is "Your Mailbox Will Be Temporarily Blocked"?

Our investigation revealed that this email is a phishing attempt, cleverly disguised as a letter from an email service provider. The scammers intend to deceive recipients into divulging sensitive personal information. To achieve this, they utilize a phishing website.

What kind of malware is Cactus?

Cactus is ransomware that encrypts data, provides a ransom note ("cAcTuS.readme.txt"), and appends the ".CTS1" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.CTS1", "2.png.CTS1", and so forth.

Cactus can use different encryption modes. Depending on the encryption mode used, Cactus may add new extensions, such as ".CTS1.CTS6", after each encryption process.

What kind of malware is LOCK2023?

LOCK2023 is ransomware that our malware researchers discovered while examining samples submitted to the VirusTotal website. LOCK2023 encrypts files, provides a ransom note ("README.txt"), and appends the ".LOCK2023" extension to filenames. For example, it renames "1.jpg" to "1.jpg.LOCK2023", "2.png" to "2.png.LOCK2023", and so forth.

Our analysis revealed that LOCK2023 is a new variant of another ransomware known as CONTI.

What is FakeSG?

FakeSG is the name of a malware campaign. It involves compromised websites that imitate the potential victim's browser and urge them to update it. However, instead of installing a browser upgrade, the victim inadvertently allows malicious software to infiltrate their device.

The observed FakeSG campaigns proliferated the NetSupport Manager RAT (Remote Access Tool), which in turn is capable of infecting systems with additional malicious programs and components.

Utilizing fake browser updates to distribute malware is a known technique; however, what makes FakeSG stand out are the multiple payload delivery techniques, level of obfuscation, and (currently) up-to-date browser lures.