Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Windows Key Code Is Not Valid And Seems Pirated"?

Our research team discovered the "Windows Key Code Is Not Valid And Seems Pirated" technical support scam while investigating rogue sites. The scheme makes false claims regarding an illegal Windows version and system infections. This tech support scam aims to trick users into calling the provided helpline and entangling them in an elaborate money-seeking scheme.

What kind of application is MajorLookup?

During our investigation of new submissions to VirusTotal, our researchers came across the MajorLookup app. After closely scrutinizing the software, we determined that MajorLookup is, in fact, adware. Its main purpose is to display advertisements, and it may also possess other harmful capabilities.

What kind of application is Image Viewer?

Image Viewer is promoted as a browser extension that enhances image viewing capabilities. However, during our examination, we found that Image Viewer displays ads (it supports ads). For this reason, we classified Image Viewer as adware. It is worth noting that we discovered Image Viewer on a deceptive website.

What kind of email is "Email Access Is Set To Expire"?

After examining this email, our team has determined that it is a phishing attempt disguised as a message from an email service provider, with the scammers claiming to be the Microsoft team. The intention of the scammers behind this letter is to entice unaware recipients into accessing the fraudulent website and disclosing their personal details.

What is Anonymous Video Player?

Our researchers found the Anonymous Video Player browser extension while investigating questionable websites. This extension is presented as a tool that allows users to playback videos and download them in multiple formats. After analyzing Anonymous Video Player, we determined that it is advertising-supported software (adware).

What is Attack ransomware?

While investigating new submissions to VirusTotal, our researchers discovered the Attack ransomware. Malware within this classification encrypts data and demands payment for its decryption. There are several variants of Attack, and it belongs to the MedusaLocker ransomware family.

Encrypted files are appended with a ".attack[number]" extension; the number varies depending on the malware's version. For example, a file initially titled "1.jpg" could appear as "1.jpg.attack7", etc. After this process is completed, Attack creates a ransom-demanding message named "how_to_back_files.html". Based on the text therein, it is evident that this ransomware targets companies rather than home users.

What kind of malware Atomic?

Atomic, also known as Atomic macOS Stealer (AMOS), is a malicious program targeting Mac OSes (Operating Systems). It is classified as a stealer – a type of malware that extracts and exfiltrates information from infected devices. At the time of writing, Atomic is actively sold on Telegram.

What kind of scam is "Sales Contract"?

Upon reviewing this letter, we have determined that it is a phishing email aimed at obtaining sensitive information from its recipients. The email includes an attachment that leads to a fraudulent website. It is disguised as a letter regarding a sales contract from the Sea Map Group.

What kind of page is fast-redirectus[.]xyz?

Fast-redirectus[.]xyz is the address of a rogue webpage that we discovered while inspecting untrustworthy sites. This page is designed to promote spam browser notifications and redirect users to other (likely dubious/malicious) websites.

Most visitors to webpages like fast-redirectus[.]xyz access them through redirects caused by sites that use rogue advertising networks.

What kind of malware is MgBot?

MgBot is a malware framework. It is capable of causing chain infections (i.e., downloading/installing additional malicious programs or components). Additionally, this framework supports multiple plug-ins that are geared toward data exfiltration.

MgBot has been used in an attack on an African telecommunications organization, and this activity is linked to the Daggerfly cybercrime group.