Virus and Spyware Removal Guides, uninstall instructions

What kind of page is alltopspot[.]com?

Our research team discovered the alltopspot[.]com rogue page. It promotes browser notification spam and redirects users to different (likely unreliable/harmful) websites. Users typically enter alltopspot[.]com and similar sites through redirects caused by pages using rogue advertising networks.

What kind of page is mysecuritydatabase[.]live?

Our research team discovered the mysecuritydatabase[.]live rogue page while checking out dubious websites. This webpage promotes scams (e.g., "Norton Security - Your PC Might Be Infected With Viruses!") and spam browser notifications. Furthermore, mysecuritydatabase[.]live can redirect users to other (likely unreliable/malicious) sites.

Visitors to this and similar webpages primarily access them through redirects caused by websites using rogue advertising networks.

What kind of page is nativepclink[.]com?

Nativepclink[.]com is a rogue site discovered by our researchers while inspecting suspicious websites. It is designed to run scams, promote spam browser notifications, and redirect visitors to different (likely untrustworthy or hazardous) pages.

Users typically access websites like nativepclink[.]com via redirects caused by webpages using rogue advertising networks.

What is DRCRM ransomware?

DRCRM is a ransomware that our researchers found while checking out new submissions to VirusTotal. It is yet another malicious program belonging to the VoidCrypt ransomware family.

On our test machine, DRCRM encrypted files and altered their titles. The ransomware appended original filenames with a unique ID, the cyber criminals' email address, and a ".DRCRM" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.[CW-ZF5287410936](joaplcsg@gmail.com).DRCRM".

Afterwards, the DRCRM ransomware created a ransom-demanding message - "Read.txt" - and dropped it onto the desktop.

What kind of page is protectionservicespc[.]site?

During the examination of protectionservicespc[.]site, we found that it uses fraudulent marketing to promote antivirus software. This page shows deceptive (fake) messages to trick visitors into believing that their computers are infected and purchasing antivirus subscriptions. Also, protectionservicespc[.]site wants to show notifications.

What kind of page is steadycaptcha[.]live?

During a routine inspection of suspicious websites, our research team discovered the steadycaptcha[.]live rogue page. It promotes browser notification spam and redirects visitors elsewhere (likely untrustworthy/harmful) webpages.

Users typically enter steadycaptcha[.]live and sites akin to it - via redirects caused by websites that use rogue advertising networks.

What kind of malware is CryptBIT 2.0?

CryptBIT 2.0 is a new variant of CryptBIT ransomware. We discovered it while examining samples submitted to VirusTotal. CryptBIT 2.0 encrypts files, appends ".cryptbit" extension to filenames, changes the desktop wallpaper, and drops the "CryptBIT2.0-restore-files.txt" file. The text file dropped by CryptBIT 2.0 contains a ransom note.

An example of how CryptBIT 2.0 renames files: it changes "1.jpg" to "1.jpg.cryptbit", "2.png" to "2.png.cryptbit", and so forth.

What is "FIFA Crypto Giveaway"?

While inspecting sites that use rogue advertising networks, our research team discovered the "FIFA Crypto Giveaway" scam. It is presented as a giveaway held by FIFA, in which users are to contribute a certain amount of either Bitcoin (BTC) or Ethereum (ETH) cryptocurrency to the "event" and immediately receive twice their contribution back.

Naturally, victims of this scam will get nothing in return, and they will only lose the sum they have transferred. It must be emphasized that FIFA is in no way associated with this scheme.

What kind of email is "Your Organization Needs More Information To Keep Your Account Secure"?

Our inspection of the "Your Organization Needs More Information To Keep Your Account Secure" email revealed that it is spam that operates as a phishing scam. These letters target the log-in credentials of recipients' email accounts by offering the latest tech and security innovations.

What kind of malware is Tcbu?

Tcbu is the name of the Djvu ransomware variant that our team discovered while checking the VirusTotal page for recently submitted malware samples. We learned that Tcbu encrypts files, appends ".tcbu" extension to filenames, and drops the "_readme.txt" file (a ransom note).

An example of how Tcbu renames files: it renames "1.jpg" to "1.jpg.tcbu", "2.png" to "2.png.tcbu", and so forth. It is known that Djvu ransomware is often distributed alongside RedLine, Vidar, and other information stealers.