Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "CONFIRM DELIVERY INFORMATION"?

Upon examining this email, we have discovered that its intention is to deceive individuals into divulging personal details. The scammers behind this email pose as a reputable company, DHL, and include a hyperlink to a fraudulent website designed to gather sensitive information.

What kind of malware is RootTeam?

RootTeam is malicious software specifically designed to steal sensitive information from targeted systems. Its primary objective is to gather various data. Typically, malware of this type operates covertly, often evading detection by security systems and remaining undetected for extended periods, posing a significant risk to individuals and organizations alike.

What kind of malware is Snea575?

While examining malware samples uploaded to VirusTotal, we discovered ransomware called Snea575. Our analysis uncovered that Snea575 is based on Chaos ransomware. It encrypts files, appends the ".hackedbySnea575" extension to filenames, changes the desktop wallpaper, and creates the "README_txt.txt" file (a ransom note).

An example of how Snea575 modifies filenames: it renames "1.jpg" to "1.jpg.hackedbySnea575", "2.png" to "2.png.hackedbySnea575", and so forth.

What kind of malware is Waqq?

During our examination of malware samples uploaded to the VirusTotal platform, we identified Waqq ransomware, which encrypts files and appends the ".waqq" extension to the filenames of the encrypted files. Furthermore, Waqq creates a ransom note (the "_readme.txt" file).

An example of how Waqq changes filenames: it renames "1.jpg" to "1.jpg.waqq", "2.png" to "2.png.waqq", etc. It is important to highlight that Waqq belongs to the Djvu ransomware family, and thus threat actors may distribute it in conjunction with other information stealers like RedLine, Vidar, and similar malware.

What kind of malware is Gaqq?

During our analysis of malware samples submitted to VirusTotal, our team discovered Gaqq, a variant belonging to the Djvu ransomware family. Gaqq primarily focuses on encrypting files. Additionally, it alters filenames by appending the ".gaqq" extension, and generates a ransom note titled "_readme.txt".

For instance, Gaqq renames a file named "1.jpg" to "1.jpg.gaqq", "2.png" to "2.png.gaqq", and so forth. In some cases, cybercriminals employ data-stealing malware like RedLine and Vidar to extract sensitive information before utilizing Djvu ransomware to encrypt files.

What kind of application is EnumeratorMachine?

EnumeratorMachine is a rogue application that we discovered while investigating new submissions to the VirusTotal site. This app is designed to run intrusive ad campaigns – hence, it is classified as adware. Additionally, EnumeratorMachine is part of the AdLoad malware family.

What kind of scam is "Virus Has Been Detected On Your Device"?

While examining deceptive websites, we discovered the "Virus Has Been Detected On Your Device" technical support scam. It makes false claims regarding infections on the visitor's device and it being blocked due to illegal activity. The goal is to trick victims into calling the provided fake helpline and thus entangling them into a scam.

What kind of page is allcommonstories[.]com?

While investigating questionable websites, our researchers discovered the allcommonstories[.]com rogue page. It is designed to promote browser notification spam and redirect visitors to other (likely unreliable/hazardous) sites.

Most users enter allcommonstories[.]com and webpages akin to it via redirects caused by sites that employ rogue advertising networks.

What kind of application is OpticalFraction?

Our research team found the OpticalFraction rogue application during a routine inspection of new submissions to the VirusTotal website. After investigating this app, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family.

What kind of application is FormatClick?

While inspecting new submissions to the VirusTotal website, we discovered the FormatClick application. After investigating this piece of software, we determined that FormatClick is adware, and that it is part of the AdLoad malware family.