Virus and Spyware Removal Guides, uninstall instructions

What is TrackAnalyser?

TrackAnalyser is a rogue application that we discovered while inspecting new submissions to VirusTotal. After analyzing this piece of software, we determined that it is adware belonging to the AdLoad malware family.

What is "McAfee - Your Card Payment Has Failed!"?

While inspecting sites that use rogue advertising networks, our researchers discovered the "McAfee - Your Card Payment Has Failed!" scam. It claims that the McAfee anti-virus has expired due to a failed reoccurring payment. Users are encouraged to rectify this issue and protect the vulnerable devices.

In most cases, this scam model is used to trick users into downloading/installing and/or purchasing (likely dubious) products. It must be stressed that both the McAfee anti-virus and its developers McAfee Corp. are not associated with this scam.

What kind of malware is Mbtf?

Mbtf is one of the ransomware variants belonging to the Djvu family. Our team discovered Mbtf while examining malware samples submitted to VirusTotal. We found that Mbtf encrypts files and appends the ".mbtf" extension to filenames. Also, it creates the "_readme.txt" file, a ransom note containing contact and payment information.

An example of how Mbtf modifies filenames: it renames "1.jpg" to "1.jpg.mbtf", "2.png" to "2.png.mbtf", and so forth. Before encrypting files with Djvu ransomware, threat actors often use information stealers like RedLine and Vidar to obtain sensitive information from computers.

What kind of malware is Mppn?

Mppn is ransomware that encrypts data, appends the ".mppn" extension to filenames, and creates the "_readme.txt" file that contains a ransom note. Mppn is one of the Djvu ransomware variants. We discovered it while inspecting malware samples submitted to the VirusTotal page. Threat actors often distribute Djvu ransomware with RedLine, Vidar, and other information stealers.

An example of how Mppn changes filenames of encrypted files: it renames "1.jpg" to "1.jpg.mppn", "2.png" to "2.png.mppn", and so forth.

What kind of page is monterrey[.]top?

While inspecting suspicious websites, our research team discovered the monterrey[.]top rogue page. It pushes browser notification spam and redirects visitors to different (likely untrustworthy/malicious) sites. Users typically enter such webpages via redirects caused by sites that use rogue advertising networks.

What kind of page is thehypefeed[.]com?

Thehypefeed[.]com is one of the websites designed to trick visitors into agreeing to receive notifications. In addition to showing deceptive content, thehypefeed[.]com redirects to other pages. We discovered thehypefeed[.]com while examining sites that use rogue advertising networks.

What kind of malware is CryWiper?

CryWiper is malware masquerading as ransomware. It operates as a data wiper: instead of encrypting files, CryWiper damages them. It also appends the ".CRY" extension to filenames and deletes shadow copies to prevent victims from restoring their files. Threat actors behind CryWiper have been observed targeting Russian organizations.

What is Puspa2 ransomware?

We found the Puspa2 ransomware-type program during a routine inspection of new submissions to VirusTotal. It operates by encrypting data and demanding payment for the decryption tools.

When we executed a sample of Puspa2 on our test system, it encrypted files and appended their filenames with a ".puspa2#mejukeni7sala029" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.puspa2#mejukeni7sala029", and so on for all of the affected files.

Afterward, this ransomware created a ransom note ("XXX_HELLO'S_READ_ME._txt)" and changed the desktop wallpaper.

What kind of page is tactpro[.]net?

While examining tactpro[.]net, we found that it offers visitors to protect their computers (promotes antivirus software) and asks for permission to show notifications. Our team discovered tactpro[.]net while inspecting websites that use rogue advertising networks (illegal movie streaming pages, torrent sites, etc.).

What kind of email is "New Sign-in With Your Mail Account"?

Our team has analyzed this email and found that it is a scam. This letter is written by scammers who aim to trick recipients into providing sensitive information. It is disguised as a letter from an email service provider regarding a new sign-in. This scam email contains a link to a phishing website.