Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Muggle?
Muggle is the name of an information stealer developed using the Go programming language. This malware is capable of stealing passwords, capturing screenshots, and gathering certain system information. Muggle should be removed from infected operating systems as soon as possible.

What kind of malware is TOITOIN?
TOITOIN is a trojan-type malware with information-stealing capabilities. This piece of malicious software has been observed as the final payload in sophisticated multi-stage infections. The attacks were highly targeted and directed at businesses based in the Latin American region.

What kind of scam is "Your Account Will Be Blocked"?
Upon examining this email, we have determined it to be a phishing attempt. The content of the email has been crafted by fraudsters who impersonate an email service provider to trick unsuspecting recipients into divulging personal information on a fraudulent website. It is highly recommended that recipients disregard and refrain from engaging with such emails.

What is "Requested Documents"?
Upon examination of this email, we have determined that it is a fraudulent message falsely purporting to be related to the requested documents. The intention behind this email is to deceive recipients into unknowingly executing malware via the attached PDF document. The specific malware being distributed through this malicious spam campaign is referred to as Qakbot.

What kind of application is ViewInput?
During our analysis of the ViewInput application, we observed its intrusive advertising behavior, leading us to classify it as adware. Adware is commonly distributed through questionable means, which can result in unintentional installation by unsuspecting users. Apps of this kind should not be trusted.

What kind of malware is Gayn?
While examining malware samples submitted to the VirusTotal website, our analysis revealed the presence of a ransomware variant called Gayn. This ransomware employs file encryption to block access to files and modifies filenames by adding the ".gayn" extension. Additionally, it generates a ransom note, a file named "_readme.txt".
An example showcasing the filename modification performed by Gayn is the transformation of "1.jpg" into "1.jpg.gayn" and "2.png" into "2.png.gayn", and so forth. It is worth mentioning that Gayn is a member of the Djvu ransomware family, which is known to be distributed by threat actors in conjunction with information stealers such as RedLine and Vidar.

What kind of malware is Gazp?
Gazp is ransomware belonging to the Djvu family that employs encryption to lock data and appends the ".gazp" extension to file names. Additionally, Gazp generates a "_readme.txt" file that contains instructions for contacting the attackers and making ransom payments.
It is common for Djvu ransomware to be distributed in conjunction with information stealers like RedLine or Vidar. Our team discovered Gazp during our analysis of malware samples submitted to VirusTotal. An example of how Gazp transforms file names: it changes "1.jpg" to "1.jpg.gazp" and "2.png" to "2.png.gazp" and so forth.

What kind of application is ResultsDisplay?
ResultsDisplay is a rogue application we discovered while investigating new submissions to the VirusTotal website. Our analysis of this app revealed that it is adware. ResultsDisplay is part of the AdLoad malware family.

What kind of application is ActiveProtocol?
Our research team found the ActiveProtocol app while inspecting new submissions to VirusTotal. After examining this application, we determined that ActiveProtocol is adware belonging to the AdLoad malware family.

What kind of email is "OneDrive Purchase Order"?
After inspecting the "OneDrive Purchase Order" email, we determined that it is spam operating as a phishing scam. This bogus letter claims that the recipient was sent documents for a purchase order via OneDrive.
It must be emphasized that this spam mail is in no way associated with the actual OneDrive file hosting/sharing service or its developer – the Microsoft Corporation.