Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "Please Confirm Your Account"?

"Please Confirm Your Account" is a spam email. Our inspection revealed that this letter operates as a phishing scam. It makes false claims about an email account filtering process that will eliminate inactive ones. Hence, the fake notification urges recipients to confirm their email accounts by logging in through the promoted phishing website.

What is OnionPoison?

OnionPoison is the name of a campaign used to distribute malicious Tor Browser installers. Tor Browser is a legitimate browser that makes it more difficult to trace its user's Internet activity (it protects the user's privacy). Malicious Tor Browsers include a library infected with spyware that gathers personal information and sends it to a C2 server.

What is "Surfshark - Your PC Is Infected With 5 Viruses!"?

While inspecting rogue webpages, our researchers discovered the "Surfshark - Your PC Is Infected With 5 Viruses!" scam. It states that Surfshark has detected viruses on users' devices. It must be emphasized that all these claims are fake, and this scam is in no way associated with the actual Surfshark VPN (Virtual Private Network) service.

What kind of page is defenderfordevice[.]com?

While inspecting dubious websites, our research team discovered the defenderfordevice[.]com rogue page. It promotes deceptive content, pushes spam browser notifications, and causes redirects to other (likely untrustworthy/malicious) sites.

Most users enter webpages like defenderfordevice[.]com through redirects from sites that use rogue advertising networks.

What kind of malware is RedKrypt?

RedKrypt is ransomware that makes files inaccessible by encrypting them and appends the ".p.redkrypt" extension to filenames. Also, RedKrypt drops the "RedKrypt-Notes-README.txt" file containing a ransom note on the victim's desktop. Our malware researchers discovered RedKrypt while inspecting malware samples submitted to VirusTotal.

An example of how RedKrypt ransomware modifies filenames: it renames "1.jpg" to "1.jpg.p.redkrypt", "2.png" to "2.png.p.redkrypt", "3.exe" to "3.exe.p.redkrypt", and so forth.

What kind of application is QuantityTopic?

QuantityTopic is an untrustworthy application designed to bombard users with annoying advertisements. Software of this type is called adware. Our team discovered QuantityTopic after using a fake installer downloaded from a page claiming that the installed version of Adobe Flash Player is outdated.

What is EditInstruction?

EditInstruction is a rogue application that our researchers discovered during a routine inspection of new submissions to VirusTotal. After analyzing this piece of software, we learned that it is adware belonging to the AdLoad malware family.

What kind of page is adslivetraining[.]com?

Adslivetraining[.]com is a website designed to trick visitors into allowing it to show notifications. It uses a clickbait technique to lure visitors into clicking the "Allow" button. We discovered this deceptive page while examining sites that use rogue advertising networks (open shady pages and show dubious ads).

What is Phreaker ransomware?

Phreaker is the name of a ransomware-type program discovered by your researchers during a routine inspection of new submissions to VirusTotal. This malicious program is based on the Chaos ransomware.

Once we executed a sample of Phreaker on our test machine, it began encrypting files and appended their filenames with an extension consisting of four random characters. For example, a file initially titled "1.jpg" appeared as "1.jpg.j3zt", "2.png" as "2.png.m13e", and so on fir all of the affected files.

Afterwards, a ransom note - "read_it.txt" - was created. It is pertinent to mention that this message lacks the attackers' contact information; hence, it is possible that this malware is still in development and has been released for testing purposes.

What kind of malware is DAGON LOCKER?

DAGON LOCKER is ransomware (an updated variant of the Mount Locker ransomware). It encrypts files and creates a ransom note (the "README_TO_DECRYPT.html" file) containing instructions on how to contact the attackers. Additionally, it renames files by appending the ".dagoned" extension to filenames.

An example of how DAGON LOCKER modifies filenames: it renames "1.jpg" to "1.jpg.dagoned", "2.png" to "2.png.dagoned", "3.exe" to "3.exe.dagoned", and so forth.