Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Mr.Dark101?

Our researchers discovered Mr.Dark101 ransomware while browsing file submissions to the VirusTotal website. This malware is based on Chaos ransomware. Mr.Dark101 is designed to encrypt data and demand payment for the decryption.

After we executed a sample on our testing system, the ransomware encrypted files and appended their names with an extension comprising four random characters. For example, an original filename like "1.jpg" appeared as "1.jpg.bnwd" following encryption.

Once this process was finished, Mr.Dark101 ransomware changed the desktop wallpaper and dropped a ransom note in a text titled "read_it.txt".

What kind of malware is BlackNote?

BlackNote is an information stealer that targets various sensitive information. Stealers often operate stealthily, collecting data from infected devices to send to remote servers controlled by threat actors. This malware poses significant risks to user privacy and security. If BlackNote has infiltrated the operating system, it should be eliminated immediately.

What kind of malware is ElonMuskIsGreedy?

During our inspection of malware submitted to VirusTotal, we discovered a ransomware variant known as ElonMuskIsGreedy. Ransomware is a type of malware designed to encrypt files. In addition to encrypting data, ElonMuskIsGreedy renames files by appending ".ELONMUSKISGREEDY-[victim's_ID]" to their filenames and create a ransom note ("README_SOLVETHIS.txt").

An example of how ElonMuskIsGreedy modifies filenames: it changes "1.jpg" to "1.jpg.ELONMUSKISGREEDY-Wfj0hu4Lbs0TK5oU1ea2MVu5nTPz3inQ3h6TrYq8W0k", "2.png" to "2.png.ELONMUSKISGREEDY-Wfj0hu4Lbs0TK5oU1ea2MVu5nTPz3inQ3h6TrYq8W0k", and so forth.

What kind of email is "Office Server"?

After reading this "Office Server" email, we determined that it is spam. This fake message is presented as a password expiration notice. The goal of this campaign is to trick recipients into providing their email account log-in credentials to a phishing website.

What kind of page is asraichuer[.]com?

Our inspection of asraichuer[.]com has revealed that this page uses a deceptive method to lure visitors into accepting its notifications. Once a page like asraichuer[.]com has permission to show notifications, it can bombard users with fake warnings and other misleading notifications. Thus, asraichuer[.]com should not be trusted.

What kind of scam is "Dropbox - Your Transfer Expires"?

We have inspected this email and found that it is a scam email masquerading as a notification from Dropbox (a legitimate file hosting service). Our examination has revealed that the purpose of this scam is to trick recipients into disclosing personal information. Such emails fall into the category of phishing emails.

What kind of page is phipsougri[.]com?

During our inspection of phipsougri[.]com, we noticed that this page uses a clickbait technique to obtain permission from visitors to show notifications. Usually, notifications from websites like phipsougri[.]com contain misleading messages. Thus, users should avoid accepting them.

What kind of page is alaskariver[.]top?

We have inspected alaskariver[.]top and learned that it uses a method known as clickbait to trick visitors into allowing it to send notifications. When web pages like alaskariver[.]top have permission to show notifications, they typically deliver fake warnings or other messages. Thus, these sites should not be trusted.

What is the fake "$RUNE Loot Crate Claims" website?

This "$RUNE Loot Crate Claims" scam (runiverse[.]claims; could be hosted elsewhere) is a cryptocurrency drainer. It lures users with the promise of a chance to receive RUNE tokens. This scheme does not distribute any digital assets – instead, it steals them by siphoning the funds from exposed cryptowallets.

What is the fake "$KINTO TGE Check Allocations" website?

While browsing dubious sites, our researchers discovered the "$KINTO TGE Check Allocations" scam (kintodao[.]claims). Instead of distributing digital assets, this scheme operates as a cryptocurrency drainer – i.e., by stealing funds from exposed cryptowallets.

It must be emphasized that this fake "$KINTO TGE Check Allocations" webpage is not associated with any existing entities.