Virus and Spyware Removal Guides, uninstall instructions

What is "Password Expired" email scam?

We examined this email and found that it is designed to steal personal information from recipients. Emails of this type are called phishing emails. Scammers use them to obtain sensitive information, such as credit card details, login credentials, or other info, by disguising themselves as legitimate entities or reputable people.

What is Killnet ransomware?

We discovered the Killnet ransomware while looking through new submissions to VirusTotal. It is designed to encrypt data and demand payment for decryption.

After we executed a sample of Killnet on our test machine, it encrypted files and appended with a ".killnet" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.killnet", "2.png" as "2.png.killnet", and so forth.

Once this process was completed, a ransom-demanding message in Russian - "Ru.txt" - was created. Furthermore, this ransomware changes the desktop wallpaper - however, the image differs depending on Killnet's version.

What kind of page is zeleboba[.]click?

Our team inspected zeleboba[.]click and found that this page runs the "McAfee - Your computer is infected with 5 viruses!" scam. It displays deceptive content to trick visitors into believing that they must remove "detected" malware to avoid harm. Also, zeleboba[.]click wants to show notifications.

What kind of page is video-watch1[.]com?

Video-watch1[.]com is a rogue webpage that our researchers discovered while inspecting suspect websites. It operates by promoting spam browser notifications and redirecting users to other (likely unreliable/harmful) pages. Users typically enter sites of this kind via redirects caused by webpages that use rogue advertising networks.

What kind of malware is Laplas Clipper?

Laplas Clipper is the name of a clipper malware that checks the content of the victim's clipboard for cryptocurrency wallets. In the operating system, the clipboard is a temporary memory area in which data is stored while it is processed or transferred. Cybercriminals use clipper malware to replace cryptocurrency wallet addresses stored in the clipboard with their own.

What is CryptBB ransomware?

Our researchers discovered the CryptBB ransomware-type program while inspecting new submissions to VirusTotal. It is based on the LockBit 3.0 ransomware.

Once we launched a sample of CryptBB on our test machine, it began encrypting files and altered their filenames. Original titles were appended with an extension consisting of a random character string, e.g., a file named "1.jpg" appeared as "1.jpg.UUIkzrxKZ".

After the encryption process was completed, this ransomware changed the desktop wallpaper and created a ransom note titled "[random_string].README.txt". Based on the message in this text file, it is evident that CryptBB targets companies rather than home users.

What is RomCom?

RomCom is the name of a Remote Access Trojan (RAT). Malware categorized as such is designed to enable remote access/control over infected machines. RATs can be highly multifunctional and thus pose a wide variety of threats.

It is noteworthy that RomCom has been used in attacks against Ukraine's military institutions, likely a cybercrime element in the Ukrainian war. Additionally, this trojan has been employed in attacks against IT and food-industry related entities located in the US, Philippines, and Brazil.

What kind of malware is F**klocker?

While examining the F**klocker malware, our team learned that it is ransomware designed to encrypt files, modify filenames, and drop a ransom note (the "README.txt" file). We discovered F**klocker while analyzing malware samples submitted to VirusTotal.

F**klocker renames files by replacing their names with a string of random characters and appending the ".F**klocker" extension. For instance, it renames "1.jpg" to "MS5qcGc=.F**klocker", "2.png" to "Mi5wbmc=.F**klocker", and so forth.

What is Clicker?

Clicker is the name of a malicious program that targets Android devices. This malware operates akin to advertising-supported software (adware). It generates revenue through advertising. However, Clicker neither displays ads nor causes redirects to various websites. Instead, this piece of malicious software stealthily visits sites and webpages in the background, unbeknownst to the user.

What kind of application is PowerAnalytics?

While analyzing various untrustworthy pages, our team discovered an advertising-supported application called PowerAnalytics. The purpose of PowerAnalytics is to display annoying (and untrustworthy) advertisements. It is highly advisable not to have any adware installed on a computer.