Virus and Spyware Removal Guides, uninstall instructions

What is SearchBlox?

SearchBlox is a malicious Google Chrome browser extension. There are two variants of this extension, and both promise to allow users to search the Roblox video game platform servers for a specific player. Instead, this piece of malicious software targets data associated with Roblox and Rolimons - the former's trading platform.

SearchBlox has surfaced several times on the Chrome Web Store and has been removed at least once since July 2022. However, it is known that at least two hundred thousand users have already downloaded this malware. There is no concrete evidence on whether this extension has always been intended for this malicious use or had become trojanized at some point.

What kind of malware is Mafer?

Mafer is one of the VoidCrypt ransomware variants designed to encrypt files, append the victim's ID, filees@gmail.com email address, and the ".Mafer" extension to filenames, and drop a text file ("Read_Me!_.txt") containing a ransom note. Our team discovered Mafer while examining malware samples submitted to VirusTotal.

An example of how Mafer renames files: it changes "1.jpg" to "1.jpg.[ID=hhNAst-Mail=dr.filees@gmail.com].Mafer", "2.png" to "2.png[ID=hhNAst-Mail=dr.filees@gmail.com].Mafer", and so forth.

What kind of malware is D0nut?

D0nut is a ransomware that encrypts files and appends the ".d0nut" extension to filenames (e.g., it renames "1.jpg" to "1.jpg.d0nut", "2.png" to "2.png.d0nut", and so forth). Also, D0nut drops two HTML files ("d0nut.html") and displays a pop-up window. They contain ransom notes.

What kind of email is "Payment For McAfee Subscription"?

"Payment For McAfee Subscription" is the name of an email spam campaign. The letters can be plain or quite elaborate, but they all refer to purchases or renewals of the McAfee anti-virus.

It must be emphasized that these emails are fake, and they are not associated with the actual McAfee Corp. This spam mail aims to trick recipients into phoning the provided telephone numbers - thus pulling them into a callback scam.

What is "Walmart Gift Card" pop-up scam?

While examining shady ads and websites, we discovered a scam website offering to get a Walmart gift card. Usually, scam websites like this one are used to extract personal information and (or) money. It is strongly recommended not to trust such pages.

What kind email is "Mail Server Update"?

Our team examined this email and learned that scammers sent it. The purpose of this letter is to trick unsuspecting recipients into entering personal information on a phishing website (fake login page). This email is disguised as a letter from an email service provider. It should be marked as spam and deleted.

What is CustomSearch?

During a routine inspection of suspicious software-promoting websites, our researchers discovered the CustomSearch application. Our analysis revealed that this app operates as a browser hijacker. It promotes fake search engines (e.g., nseext.info, customsear.ch, etc.) by causing redirects to them and likely has data-tracking abilities.

What kind of malware is A.E.S.R.T?

A.E.S.R.T is ransomware that encrypts files, appends the ".AESRT" extension to filenames, and displays a ransom note. Our malware researchers discovered A.E.S.R.T while inspecting samples submitted to the VirusTotal website. An example of how A.E.S.R.T renames files: it changes "1.jpg" to "1.jpg.AESRT", "2.png" to "2.png.AESRT", and so forth.

What is AxBanker?

AxBanker is an Android-specific banking malware. As its classification implies, this malicious software seeks to obtain banking information. AxBanker has been used in large smishing (SMS phishing) campaigns targeting Indian users. These operations were centered on some of the best-known banks in the region.

Research undertaken by Trend Micro analysts has discovered multiple campaigns active in India, which involve the following malicious programs - Elibomi, FakeReward, IcRAT, and IcSpy. However, at the time of writing, there is not enough evidence to link these campaigns with one another.

What kind of application is ConnectedProtocol?

While examining ConnectedProtocol, we found that this application displays intrusive advertisements. Software that shows ads is called adware. We discovered ConnectedProtocol on a deceptive website suggesting that certain installed software is outdated. It is uncommon for adware to be installed by users on purpose.