Virus and Spyware Removal Guides, uninstall instructions

TEXTIMA Export Email Virus

What kind of email is "TEXTIMA Export"?

After analyzing this "TEXTIMA Export" spam email, we determined that it is designed to infect recipients' devices with the FormBook malware. It must be emphasized that this scam mail is in no way associated with the actual Textima Export Import GmbH company.

   
DTrack Malware

What kind of malware is DTrack?

DTrack is a piece of malware capable of logging keystrokes, capturing screenshots, collecting browsing history, stealing files, injecting additional payloads, and more. Threat actors can use it to steal various sensitive information, infect computers with other malware, and for other purposes.

It is known that the threat actors behind DTrack are targeting organizations in Europe and Latin America.

   
Ahmyth RAT (Android)

What kind of malware is Ahmyth?

Ahmyth is a Remote Access Trojan (RAT) targeting Android users. It is distributed via trojanized (fake) applications. Ahmyth RAT steals cryptocurrency and banking credentials, 2FA codes, lock screen passcodes, and captures screenshots.

   
KmsdBot Malware

What is KmsdBot?

KmsdBot is a piece of malicious software written in the Go programming language. It is cross-platform malware capable of infecting both Windows and Linux operating systems. KmsdBot operates by creating a botnet out of infected machines, which the malware can then use to launch DDoS (Distributed Denial-of-Service) attacks or to mine cryptocurrency.

The findings of Akamai Security Research suggest that KmsdBot targets various industries, including technology, gaming, and luxury car manufacturing. Their research also revealed that this malware is being actively developed.

   
ARCrypter Ransomware

What kind of malware is ARCrypter?

ARCrypter is ransomware - malware that encrypts files to prevent victims from accessing them. Also, it deletes Shadow Volume Copies. ARCrypter appends the ".crypt" extension to filenames of the encrypted files. Unlike most ransomware variants, ARCrypter drops a ransom note ("readme_for_unlock.txt" file) before encrypting files.

An example of how ARCrypter renames files: it changes "1.jpg" to "1.jpg.crypt", "2.png" to "2.png.crypt", and so forth.

   
Securitysupportinfo.live Ads

What kind of page is securitysupportinfo[.]live?

Our researchers found the securitysupportinfo[.]live rogue website while checking out suspicious pages. Securitysupportinfo[.]live runs online scams, promotes browser notification spam, and redirects visitors to different (likely untrustworthy/malicious) sites.

Most users enter such webpages via redirects caused by sites that use rogue advertising networks.

   
Stabilitysupport.com Ads

What kind of page is stabilitysupport[.]com?

Stabilitysupport[.]com is a rogue page discovered by our research team during a routine investigation of questionable websites. This page is designed to promote online scams and spam browser notifications. Additionally, stabilitysupport[.]com can redirect users to other (likely unreliable/dangerous) websites.

Users typically access webpages of this kind through sites that use rogue advertising networks.

   
Anthraxbulletproof Ransomware

What is Anthraxbulletproof ransomware?

Anthraxbulletproof is the name of a ransomware-type program that we discovered while investigating new malware submissions to VirusTotal. It is noteworthy that this program is based on the Chaos ransomware.

On our test system, Anthraxbulletproof encrypted files and appended the ".Anthraxbulletproof" extension to their filenames. For example, a file initially named "1.jpg" appeared as "1.jpg.Anthraxbulletproof", "2.png" as "2.png.Anthraxbulletproof", etc. Afterwards, a ransom-demanding message - "read_it.txt" - was created.

   
ModuleUpgrade Adware (Mac)

What is ModuleUpgrade?

ModuleUpgrade is a rogue app that our researchers found during a routine inspection of new submissions to VirusTotal. Our analysis of ModuleUpgrade revealed that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family.

   
Onelock Ransomware

What kind of malware is Onelock?

Onelock is one of the ransomware variants from the MedusaLocker ransomware family. It encrypts files, appends the ".onelock" extension to filenames, and creates an HTML file named "how_to_back_files.html" that contains a ransom note. An example of how Onelock renames files: it changes "1.jpg" to "1.jpg.onelock", "2.png" to "2.png.onelock", and so forth.

It is worth noting that Onelock ransomware is not in any way related to OneLock Inc. (onelock.com).

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
