Virus and Spyware Removal Guides, uninstall instructions
What kind of malware is Lockdown?
We have inspected the Lockdown malware and found that it operates as ransomware. We discovered this ransomware while examining malware samples on VirusTotal. Our analysis has shown that Lockdown encrypts files and appends the ".lockdown" extension to filenames. Also, it locks the screen and displays a ransom note (the screen unlocks after restarting the computer).
Here is an example of how files encrypted by Lockdown are renamed: "1.jpg" is changed to "1.jpg.lockdown", "2.png" to "2.png.lockdown", and so forth.
What kind of page is broidfit[.]com?
Our researchers discovered the broidfit[.]com rogue page while browsing untrustworthy websites. Upon inspecting this webpage, we learned that it aims to trick users into consenting to its browser notification delivery. Additionally, the page can generate redirects to other (likely dubious/dangerous) sites.
Broidfit[.]com and webpages akin to it are most commonly accessed through redirects produced by websites that employ rogue advertising networks.
What is the fake "Join Injective Airdrop"?
After inspecting the "Join Injective Airdrop", we determined that it is fake. We found this scam endorsed on injective.claim-foundation[.]site, but it could be hosted on other domains. This webpage imitates the Injective platform (injective.com) and lures users with a promise of an INJ token airdrop.
This scheme functions as a cryptocurrency drainer. It must be emphasized that this bogus airdrop is not associated with the actual Injective platform or any others.
What kind of page is checkouroffer[.]com?
Our researchers discovered checkouroffer[.]com while browsing suspicious websites. After examining this rogue page, we learned that it endorses browser notification spam and redirects users to different (likely untrustworthy and/or hazardous) sites.
Checkouroffer[.]com and similar webpages are primarily accessed via redirects caused by websites that employ rogue advertising networks.
What kind of page is celebbuzzingfunny[.]top?
Celebbuzzingfunny[.]top is the address of a rogue page that promotes browser notification spam and generates redirects to other (likely untrustworthy/hazardous) websites.
Our research team discovered this webpage during a routine inspection of dubious sites. Most users access celebbuzzingfunny[.]top and similar pages via redirects caused by websites that employ rogue advertising networks.
What is the fake "Aave check eligibility" website?
While investigating suspicious websites, our research team discovered this "Aave check eligibility" scam on app-aave[.]co (keep in mind it could be hosted elsewhere). Regardless of potential visual similarities, this deceptive page is not associated with any existing projects, platforms, or entities. The scheme operates as a cryptocurrency drainer – by stealing digital assets from exposed cryptowallets.
What kind of malware is Niko?
Niko is ransomware (belonging to the Makop family) that we discovered while examining malware samples uploaded to VirusTotal. Niko encrypts files and appends a string of random characters (likely the victim's ID), an email address, and the ".niko" extension to filenames. Also, it drops a ransom note named "+README-WARNING+.txt".
An example of how Niko modifies filenames: it renames "1.jpg" to "1.jpg.[42990E91].[proof3200@proton.me].niko", "2.png" to "2.png.[42990E91].[proof3200@proton.me].niko", and so forth.
What kind of malware is Sauron?
Discovered by S!Ri, Sauron is a ransomware-type program. Malicious software of this kind is designed to encrypt files and demand payment for the decryption.
After we executed a sample of this ransomware on our test machine, it encrypted files and appended their names with a unique ID assigned to the victim, the cyber criminals' email address, and a ".Sauron" extension. For example, a file initially titled "1.jpg" looked like "1.jpg.[ID-35AEE360].[adm.helproot@gmail.com].Sauron".
Once the encryption process was finished, Sauron changed the desktop wallpaper and dropped a ransom-demanding message titled "#HowToRecover.txt".
What kind of page is deszubaton[.]com?
Our examination of deszubaton[.]com revealed that it presents misleading content and requests permission to send notifications. Visiting the site and granting it permission to show notifications can put users at risk of various scams and threats. Therefore, it is strongly recommended not to trust deszubaton[.]com and to close the site if it is encountered.
What is the fake "$BabyElon Allocation" website?
While inspecting untrustworthy websites, our researchers discovered this fake "$BabyElon Allocation". We found this scam on babyelon-claim[.]net, yet it could be hosted elsewhere. Although it claims to be distributing the BabyElon memecoin, this deceptive webpage acts as a crypto drainer. Victims of this scheme experience financial loss.
More Articles...
Page 51 of 2329
<< Start < Prev 51 52 53 54 55 56 57 58 59 60 Next > End >>