Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "MyGov Secure Message"?

Our examination of the "MyGov Secure Message" email revealed that it is fake. This phishing letter is presented as a notification from myGov – a multi-purpose service provided by the Australian Government. myGov primarily deals with government-related (or adjacent) services by providing digital identity validation.

The "MyGov Secure Message" scam email aims to trick recipients into attempting to sign into their myGov accounts via a phishing site. Trusting this spam letter can result in a variety of severe issues. Therefore, the false claims must be ignored, and the email must be reported as spam.

What kind of email is "Order Trial"?

Upon reviewing this email, our team has determined that it is fraudulent and pertains to a fabricated purchase order confirmation. Additionally, there is a malicious file attached to the email. It is evident that this email is being utilized by cybercriminals to deceive the recipients into infecting their devices.

What kind of malware is GoldenWolf42?

GoldenWolf42 is ransomware designed to encrypt files, add its extension (".GoldenWolf42") to filenames, change the desktop wallpaper, and create the "read_it.txt" file containing contact and payment information. GoldenWolf42 is based on Chaos ransomware.

An example of how GoldenWolf42 renames files: it replaces "1.jpg" with "1.jpg.GoldenWolf42", "2.png" to "2.png.GoldenWolf42", and so forth.

What is Abstract Art Tab?

Our research team discovered the Abstract Art Tab browser extension while checking out rogue websites. This extension promises to display abstract art style browser wallpapers.

After analyzing Abstract Art Tab, we determined that it is a browser hijacker. This piece of software makes alterations to browser settings in order to promote (through redirects) the find.asrcnav.com fake search engine.

What is Zipp3rs ransomware?

Zipp3rs is a ransomware-type program that we discovered while inspecting new submissions to VirusTotal. This piece of malicious software belongs to the Xorist ransomware family.

On our testing system, Zipp3rs encrypted files and appended their titles with a ".zipp3rs" extension. For example, an original filename such as "1.jpg" appeared as "1.jpg.zipp3rs", "2.png" as "2.png.zipp3rs", etc. Afterwards, this ransomware created ransom notes in a pop-up window and a text file named "HOW TO DECRYPT FILES.txt". The messages were identical and in Portuguese.

What is CleanTab Refresh?

Our researchers discovered the CleanTab Refresh browser extension while inspecting dubious websites. It is promoted as an advanced one-click webpage refreshing tool. However, our investigation revealed that CleanTab Refresh operates as advertising-supported software (adware).

What is Interiorz?

Interiorz is a browser extension promising easy access to home design related content. Our researchers discovered this piece of software while investigating untrustworthy websites. After inspecting Interiorz, we determined that it is a browser hijacker promoting (via redirects) the prosearchsolutionz.com illegitimate search engine.

What is Army Signal ransomware?

Army Signal is a ransomware-type program that our research team discovered while inspecting new submissions to the VirusTotal website.

After being executed on our testing system, Army Signal encrypted files and appended their files with a ".SIGSCH" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.SIGSCH", "2.png" as "2.png.SIGSCH", and so on for all of the affected files.

Following the completion of the encryption process, this ransomware dropped its ransom note – "README_SIGSCH.txt" – onto the desktop. The message therein was in Korean and English.

What is BrightNight ransomware?

BrightNight is the name of a malicious program designed to encrypt data and demand payment for its decryption. Due to this behavior, the program is classified as ransomware.

After we launched a sample of BrightNight on our testing system, it encrypted files and altered their filenames. Original titles were appended with the attackers' email, a unique ID assigned to the victim, and the ".BrightNight" extension. For example, a file named "1.jpg" appeared as "1.jpg.[Tpyrcne@onionmail.org][DB6A761A].BrightNight".

Once the encryption process was completed, a ransom-demanding message – "README.txt" – was created on the desktop.

What kind of page is captchasafe[.]top?

Our team discovered the website captchasafe[.]top while investigating pages that use dubious advertising networks. Captchasafe[.]top is designed to trick users into subscribing to its notifications. Additionally, captchasafe[.]top may redirect visitors to similar pages. It is rare for users to intentionally visit these types of pages.