Virus and Spyware Removal Guides, uninstall instructions

Lockdown Ransomware

What kind of malware is Lockdown?

We have inspected the Lockdown malware and found that it operates as ransomware. We discovered this ransomware while examining malware samples on VirusTotal. Our analysis has shown that Lockdown encrypts files and appends the ".lockdown" extension to filenames. Also, it locks the screen and displays a ransom note (the screen unlocks after restarting the computer).

Here is an example of how files encrypted by Lockdown are renamed: "1.jpg" is changed to "1.jpg.lockdown", "2.png" to "2.png.lockdown", and so forth.

   
Broidfit.com Ads

What kind of page is broidfit[.]com?

Our researchers discovered the broidfit[.]com rogue page while browsing untrustworthy websites. Upon inspecting this webpage, we learned that it aims to trick users into consenting to its browser notification delivery. Additionally, the page can generate redirects to other (likely dubious/dangerous) sites.

Broidfit[.]com and webpages akin to it are most commonly accessed through redirects produced by websites that employ rogue advertising networks.

   
Join Injective Airdrop Scam

What is the fake "Join Injective Airdrop"?

After inspecting the "Join Injective Airdrop", we determined that it is fake. We found this scam endorsed on injective.claim-foundation[.]site, but it could be hosted on other domains. This webpage imitates the Injective platform (injective.com) and lures users with a promise of an INJ token airdrop.

This scheme functions as a cryptocurrency drainer. It must be emphasized that this bogus airdrop is not associated with the actual Injective platform or any others.

   
Checkouroffer.com Ads

What kind of page is checkouroffer[.]com?

Our researchers discovered checkouroffer[.]com while browsing suspicious websites. After examining this rogue page, we learned that it endorses browser notification spam and redirects users to different (likely untrustworthy and/or hazardous) sites.

Checkouroffer[.]com and similar webpages are primarily accessed via redirects caused by websites that employ rogue advertising networks.

   
Celebbuzzingfunny.top Ads

What kind of page is celebbuzzingfunny[.]top?

Celebbuzzingfunny[.]top is the address of a rogue page that promotes browser notification spam and generates redirects to other (likely untrustworthy/hazardous) websites.

Our research team discovered this webpage during a routine inspection of dubious sites. Most users access celebbuzzingfunny[.]top and similar pages via redirects caused by websites that employ rogue advertising networks.

   
Aave Check Eligibility Scam

What is the fake "Aave check eligibility" website?

While investigating suspicious websites, our research team discovered this "Aave check eligibility" scam on app-aave[.]co (keep in mind it could be hosted elsewhere). Regardless of potential visual similarities, this deceptive page is not associated with any existing projects, platforms, or entities. The scheme operates as a cryptocurrency drainer – by stealing digital assets from exposed cryptowallets.

   
Niko Ransomware

What kind of malware is Niko?

Niko is ransomware (belonging to the Makop family) that we discovered while examining malware samples uploaded to VirusTotal. Niko encrypts files and appends a string of random characters (likely the victim's ID), an email address, and the ".niko" extension to filenames. Also, it drops a ransom note named "+README-WARNING+.txt".

An example of how Niko modifies filenames: it renames "1.jpg" to "1.jpg.[42990E91].[proof3200@proton.me].niko", "2.png" to "2.png.[42990E91].[proof3200@proton.me].niko", and so forth.

   
Sauron Ransomware

What kind of malware is Sauron?

Discovered by S!Ri, Sauron is a ransomware-type program. Malicious software of this kind is designed to encrypt files and demand payment for the decryption.

After we executed a sample of this ransomware on our test machine, it encrypted files and appended their names with a unique ID assigned to the victim, the cyber criminals' email address, and a ".Sauron" extension. For example, a file initially titled "1.jpg" looked like "1.jpg.[ID-35AEE360].[adm.helproot@gmail.com].Sauron".

Once the encryption process was finished, Sauron changed the desktop wallpaper and dropped a ransom-demanding message titled "#HowToRecover.txt".

   
Deszubaton.com Ads

What kind of page is deszubaton[.]com?

Our examination of deszubaton[.]com revealed that it presents misleading content and requests permission to send notifications. Visiting the site and granting it permission to show notifications can put users at risk of various scams and threats. Therefore, it is strongly recommended not to trust deszubaton[.]com and to close the site if it is encountered.

   
$BabyElon Allocation Scam

What is the fake "$BabyElon Allocation" website?

While inspecting untrustworthy websites, our researchers discovered this fake "$BabyElon Allocation". We found this scam on babyelon-claim[.]net, yet it could be hosted elsewhere. Although it claims to be distributing the BabyElon memecoin, this deceptive webpage acts as a crypto drainer. Victims of this scheme experience financial loss.

   

Page 51 of 2329

<< Start < Prev 51 52 53 54 55 56 57 58 59 60 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal