Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is PixBankBot?

PixBankBot is an Android banking Trojan that exploits the Pix instant payment platform. This Trojan specifically targets Brazilian banks and employs an ATS (Automated Transfer System) framework for its operations. It should be removed from infected devices as soon as possible to avoid potential harm.

What kind of page is glam-celebrity-news[.]com?

Our research team discovered the glam-celebrity-news[.]com rogue site while inspecting untrustworthy websites. This page operates by pushing browser notification spam and redirecting visitors to different (likely suspicious/malicious) sites.

Users typically access glam-celebrity-news[.]com and webpages akin to it – through redirects caused by websites that use rogue advertising networks.

What kind of page is psoufauh[.]com?

Psoufauh[.]com is among the numerous websites that utilize deceptive tactics to deceive visitors into granting permission to display notifications. Furthermore, while navigating psoufauh[.]com, users may encounter redirections to unreliable websites. Our team discovered psoufauh[.]com while examining websites associated with dubious advertising networks.

What kind of page is centrumrocks[.]com?

Centrumrocks[.]com is the URL of a rogue page that our researchers discovered while investigating suspicious websites. It is designed to promote dubious content and spam browser notifications. Additionally, this page can redirect visitors to other (likely unreliable/harmful) websites.

Most users access centrumrocks[.]com and similar webpages via redirects caused by sites that use rogue advertising networks.

What kind of malware is DogeRAT?

DogeRAT is an Android malware known as a Remote Access Trojan (RAT) that operates under an open-source framework. It masquerades as a legitimate application and is being circulated through social media platforms and messaging apps.

Threat actors behind DogeRAT focus on a broad range of industries, with a particular interest in targeting customers in the Banking and Entertainment sectors.

What kind of malware is Werz?

While examining malware samples on VirusTotal, we encountered Werz, a variant of the Djvu ransomware family. This particular ransomware encrypts files and modifies their original filenames by appending the ".werz" extension. For example, encrypted files that were originally named "1.jpg" would be renamed to "1.jpg.werz", "2.werz" to "2.png.werz", etc.

Additionally, it leaves behind a ransom note, a text file named "_readme.txt". It is important to note that Werz ransomware may be distributed alongside other types of malware, including information stealers like Vidar and RedLine.

What kind of malware is Weon?

Our team has recently identified a new member of the Djvu ransomware family known as Weon. Weon is malicious software (ransomware) that encrypts files, rendering them inaccessible to users. We discovered Weon while analyzing samples on the VirusTotal website.

It is important to be aware that Weon may be distributed with other types of malware, such as information stealers like RedLine or Vidar. When Weon infects a system, it modifies the filenames of encrypted files by appending the ".weon" extension (e.g., it renames "1.jpg" to "1.jpg.weon", "2.png" to "2.png.weon", etc.). Additionally, it leaves a ransom note named "_readme.txt".

What kind of page is onegadsdesign[.]com?

During our review of websites utilizing questionable advertising networks, we encountered onegadsdesign[.]com, one of the numerous sites employing deceptive tactics to persuade visitors to enable browser notifications. It is important to note that while browsing onegadsdesign[.]com, users may also experience redirects to other untrustworthy websites.

What kind of page is bonumfactum[.]pl?

Upon examining bonumfactum[.]pl, we found that it is a shady website that can send untrustworthy notifications. Also, it may redirect visitors to other pages of this kind. Our team discovered bonumfactum[.]pl while inspecting dubious ads and sites that use rogue advertising networks.

What kind of page is tuallyenitwasbr[.]com?

During our investigation of tuallyenitwasbr[.]com, we discovered that it is an untrustworthy website that presents deceptive content and requests permission to display notifications. Furthermore, tuallyenitwasbr[.]com redirects visitors to other suspicious sites. Therefore, it is advisable for users to exercise caution and promptly close tuallyenitwasbr[.]com if encountered.