Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Lucky?

Lucky is the name of a ransomware-type program that our researchers discovered during a routine inspection of new submissions to the VirusTotal website. This malicious program is part of the Phobos ransomware family.

On our test machine, Lucky encrypted files and altered their filenames. Original titles were appended with a unique ID, the cyber criminals' email address, and a ".Lucky" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3451].[dopingen@rambler.ru].Lucky", and so forth.

Once the encryption process was concluded, this ransomware created ransom notes in a pop-up window ("info.hta") and text file ("info.txt").

What is "Webmail Action Required"?

We have examined this email and determined that it is a scam. It is crafted to lure visitors into providing personal information on a phishing website. The scammers pose as an email service provider to gain recipients' trust. It is strongly advised to avoid interacting with any links within such emails or providing any information to scammers.

What is "Your AVAST AntiVirus License Has Expired!"?

Our team has examined the page and learned that it shows deceptive messages to trick visitors into believing that their Avast Antivirus license has expired. Usually, such websites are generated by affiliates seeking commission by endorsing legitimate software.

However, it is important to exercise caution and not trust websites that utilize scare tactics, even if the software they promote is legitimate.

What kind of scam is "Netherlands De Lotto"?

We have examined this email and determined that it is a lottery scam. This email claims that recipients have won a large sum of money in sweepstakes, despite never having participated. Typically, such emails urge recipients to provide personal information or pay money to claim the prize. Recipients should ignore this and similar emails.

What kind of software is NX Gone?

While investigating dubious websites, our research team discovered the NX Gone browser extension. It is promoted as a tool that aids novice users in navigating the Internet. However, after inspecting this extension, we determined that it is advertising-supported software (adware).

What kind of application is PhaseAware?

Our researchers found the PhaseAware app while inspecting new submissions to the VirusTotal website. When we examined this application, we learned that it is adware belonging to the AdLoad malware family. PhaseAware is designed to generate revenue for its developers by feeding users with unwanted/deceptive advertisements.

What kind of email is "DHL Delivery Payment"?

Our inspection of the "DHL Delivery Payment" email revealed that it is fake. This spam letter claims that the recipient has to make a payment to have their package delivered to their home. It must be emphasized that this email is a scam, and it is in no way associated with the DHL delivery company.

What kind of scam is "Your Identity Has Been Stolen!"?

Our researchers discovered the "Your Identity Has Been Stolen!" scam while investigating suspicious sites. The scheme falsely claims that the user's device is infected and that their identity has been stolen. Typically, scams of this kind are used to promote untrustworthy/harmful software or bogus security services.

What kind of email is "Adobe Sign"?

Our examination of the "Adobe Sign" email revealed that it is spam. The aim of this phishing letter is to lure recipients into disclosing their email account log-in credentials by claiming that it is necessary in order to view the sent contract documents. It must be emphasized that this spam mail is in no way associated with the actual Adobe Inc.

What kind of malware is Rajah?

Our research team discovered the Rajah ransomware while inspecting new submissions to VirusTotal. This malicious program is part of the Makop ransomware family. Ransomware is designed to encrypt data and demand payment for its decryption.

On our test system, Rajah encrypted files and added a unique ID assigned to the victim, the cyber criminals' email address, and a ".rajah" extension to their titles. For example, a file originally named "1.jpg" appeared as "1.jpg.[2AF20FA3].[rajah@airmail.cc].rajah". Afterward, a ransom note titled "+README-WARNING+.txt" was created.