Virus and Spyware Removal Guides, uninstall instructions

What kind of page is gadscare[.]com?

Our researchers discovered the gadscare.com rogue page while investigating suspect sites. This webpage is designed to promote browser notification spam and redirect visitors elsewhere (likely unreliable/harmful sites). Users primarily enter such pages via redirects generated by websites using rogue advertising networks.

What is "Payment List By The Board Of Directors"?

Based on our investigation, it has been confirmed that this email has been falsified by individuals intending to engage in malicious activities. The main goal of these scammers is to trick recipients into sharing confidential information via a fraudulent page. Such pages are referred to as phishing sites.

What kind of malware is Tnwkgbvl?

Tnwkgbvl is ransomware that our team discovered while examining malware samples submitted to VirusTotal. We found that Tnwkgbvl belongs to the Snatch ransomware family. The purpose of Tnwkgbvl is to make files inaccessible by encrypting them. Also, Tnwkgbvl creates a ransom note ("HOW TO RESTORE YOUR TNWKGBVL FILES.TXT").

Additionally, Tnwkgbvl renames files by appending the ".tnwkgbvl" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.tnwkgbvl", "2.png" to "2.png.tnwkgbvl", and so forth.

What kind of malware is ShadowVault?

Targeting macOS users, ShadowVault is an information-stealing malware. Its creators market and sell it on a hacker forum at a price of $500 per month. This malicious software is capable of extracting sensitive data from web browsers, files stored on compromised computers, as well as data from cryptocurrency wallets and other sources.

What kind of application is DefaultOptimization?

DefaultOptimization is an adware-type application belonging to the AdLoad malware family, which our research team discovered while investigating new submissions to the VirusTotal site. This app is designed to display advertisements that primarily promote deceptive/malicious content.

What kind of malware is Anti-us?

Our researchers discovered the Anti-us ransomware during a routine inspection of new submissions to VirusTotal. This malware is designed to encrypt data and demand payment for its decryption.

After we executed a sample of Anti-us on our testing system, it encrypted files and appended their filenames with a ".anti-us" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.anti-us", "2.png" as "2.png.anti-us", etc. Once this process was finished, a rant-filled ransom note – "read-it"– was created.

What kind of scam is "Win Mac Book M2"?

While investigating suspicious websites, our researchers came upon the "Win Mac Book M2" scam. It claims that the visitor can win a prize by providing their data to the sponsored site. At the time of research, this scheme promoted a phishing webpage that targets email addresses.

What kind of email is "Your E-mail Will Be Closed"?

After examining the "Your E-mail Will Be Closed" spam letter, we determined that it is malspam. This fake message claims that the recipient's email account will be terminated unless it is updated. The goal is to lure the recipient into opening the malicious attachment, which is designed to infect devices with the Agent Tesla RAT (Remote Access Trojan).

What kind of page is goghoordsurvey[.]top?

Our analysis uncovered that goghoordsurvey[.]top is an unreliable website involved in a survey scam. Also, this website attempts to prompt users to enable notifications and redirects them to other shady websites. It is crucial to emphasize that users do not deliberately visit sites like goghoordsurvey[.]top.

What kind of application is ComplexPortal?

Our researchers discovered the ComplexPortal application while inspecting new submissions to the VirusTotal website. After investigating this app, it operates as advertising-supported software (adware). ComplexPortal is part of the AdLoad malware family.