Virus and Spyware Removal Guides, uninstall instructions

What kind of page is theoverheat[.]com?

We discovered theoverheat[.]com rogue webpage while investigating suspicious websites. It is designed to push browser notification spam and redirect visitors to other (likely unreliable/dangerous) sites. Users typically access pages like theoverheat[.]com via redirects caused by websites using rogue advertising networks.

What kind of malware is Attackuk?

While examining malware samples submitted to VirusTotal, our team discovered ransomware belonging to the MedusaLocker family dubbed Attackuk. The purpose of Attackuk is to encrypt data. Also, it provides a ransom note ("How_to_back_files.html") and appends its extension (".attackuk") to filenames.

For instance, a file named "1.jpg" is renamed to "1.jpg.attackuk", "2.png" to "2.png.attackuk", and so forth.

What kind of page is getoverenergy[.]com?

Getoverenergy[.]com is a rogue webpage that we discovered during a routine inspection of untrustworthy sites. It operates by promoting browser notification spam and redirecting users to different (likely dubious/malicious) websites.

Most visitors to getoverenergy[.]com and pages akin to it – access them through redirects caused by sites employing rogue advertising networks.

What kind of page is colamecola[.]biz?

During our analysis of questionable websites, we came across colamecola[.]biz. Our review of this site revealed that it is an untrustworthy page that tricks visitors into permitting it to send notifications. Moreover, colamecola[.]biz might redirect visitors to other untrustworthy pages.

What is TwoFactor ransomware?

Our research team found the TwoFactor ransomware while investigating new submissions to VirusTotal. Malware within this classification is designed to encrypt data and demand payment for its decryption.

After we executed a sample of TwoFactor on our test machine, it encrypted files and appended their filenames with an extension consisting of four random characters. For example, a file originally named "1.jpg" appeared as "1.jpg.8nk6", "2.png" as "2.png.78zi", etc.

Once this process was completed, the ransomware created ransom notes in the form of a desktop wallpaper and text file titled "README.txt". The message on the wallpaper is in English and Korean, while the text file is written exclusively in the latter.

What kind of page is aboutsmartcook[.]com?

After evaluating aboutsmartcook[.]com, we determined that the website utilizes misleading methods by displaying a fake message to compel visitors to sign up for notifications. Additionally, aboutsmartcook[.]com may steer users towards other questionable websites. Therefore, it is recommended to exercise caution and avoid placing trust in aboutsmartcook[.]com.

What kind of application is Oceans - New Tab?

After analyzing the Oceans - New Tab browser extension, we discovered that it seizes control of a web browser by modifying its settings. The objective of these modifications is to promote a fake search engine known as oceansnewtab.com. Therefore, we have categorized Oceans - New Tab as a browser hijacker.

What is "Orders Payment Swift Telex Copies"?

After analyzing this email, we came to the conclusion that it is a fraudulent email masquerading as a notification from Microsoft. It is a phishing email that aims to entice recipients to access a fake website and disclose their personal information. Therefore, recipients should disregard this email.

What is eBook Search?

Our researchers discovered the eBook Search browser extension while investigating deceptive websites. This piece of software is presented as a tool for easy access to ebooks. However, our analysis of eBook Search revealed that it is a browser hijacker and endorses the sear.ebooksearchnow.com fake search engine.

What is CovidDash?

During a routine investigation of suspicious websites, our research team discovered a malicious setup promoting the CovidDash (full title "CovidDash at Johns Hopkins University") browser extension. It is endorsed as a tool for easy access to information relating to the COVID-19 pandemic.

After inspecting this piece of software, we determined that it operates as a browser hijacker and causes redirects to the coviddashboard.extjourney.com fake search engine.

It is pertinent to mention that the installer also promoted the "Abnormal Network Traffic On This Device" scam.