Virus and Spyware Removal Guides, uninstall instructions
What is "YouTube Copyright Infringement Warning" email virus?
After examining the email, we found that this is a fake email from YouTube regarding copyright infringement. It contains a website link designed to download an archive file that contains a malicious file. Cybercriminals behind this email aim to trick recipients into downloading and executing malware (a malicious file).
What kind of email is "Error From Your Mail Server"?
After inspecting the "Error From Your Mail Server" email, we determined that it is spam that operates as a phishing scam.
This letter makes false claims about emails failing to reach the recipient's inbox, which can be rectified by verifying the account again. The goal of this spam mail is to lure users into disclosing their email account log-in credentials, with which the cyber criminals can then steal the exposed accounts and associated content.
What kind of malware is Eemv?
Eemv is the name of ransomware belonging to the Djvu family. The purpose of Eemv is to encrypt files. Additionally, this ransomware renames files (it appends the ".eemv" extension to filenames) and creates a text file ("_readme.txt") to provide contact and payment information. Our team discovered Eemv while checking the VirusTotal website for recently submitted malware samples.
An example of how Eemv modifies filenames: it changes a file named "1.jpg" to "1.jpg.eemv", "2.png" to "2.png.eemv", "3.exe" to "3.exe.eemv", and so forth.
What kind of malware is Eewt?
Eewt is ransomware that encrypts the victim's files, appends its extension (".eewt") to filenames, and drops a ransom note ("_readme.txt") on the desktop. Our malware researchers discovered Eewt while examining samples submitted to the VirusTotal web page. This ransomware belongs to the Djvu family.
An example of how files encrypted by Eewt ransomware are renamed: "1.jpg" is renamed to "1.jpg.eewt", "2.png" to "2.png.eewt", "3.exe" to "3.exe.eewt", and so forth.
What is MONTI ransomware?
MONTI is a ransomware-type program designed to encrypt data and demand payment for the decryption tools. It is a new variant of CONTI ransomware. Furthermore, MONTI shares extreme similarities with CONTI's modus operandi.
In February 2022, the group behind CONTI experienced a massive breach and data leak. The publicized information, including source code, hacking tools, and other associated data, was sufficient to essentially serve as a step-by-step guide for cyber criminals wishing to replicate CONTI. Therefore, MONTI might not be the only ransomware group to base its operations on the information obtained from the CONTI leaks.
MONTI ransomware encrypts files and appends an extension consisting of five random characters to their filenames. For example, the MONTI sample we executed on our test machine added a ".PUUUK" extension to the filenames, e.g., a file titled "1.jpg" appeared as "1.jpg.PUUUK". After the encryption is finished, MONTI creates a ransom note named "readme.txt".
What is Black-Lights?
Our researchers discovered the Black-Lights browser extension during a routine inspection of suspicious software-promoting webpages. This extension is endorsed as a tool capable of enabling dark mode for simple design websites. However, our analysis of Black-Lights revealed that it operates as adware, i.e., delivers various advertisements.
What is SilkTopic?
Our research team discovered the SilkTopic rogue app while investigating new submissions to VirusTotal. After inspecting this piece of software, we determined that it is adware belonging to the AdLoad malware family.
What is Ballacks ransomware?
Our researchers discovered the Ballacks ransomware while inspecting new submissions to VirusTotal. This malicious program belongs to the VoidCrypt ransomware family.
Once we launched a sample of Ballacks on our test machine, it began encrypting files and modifying their names. Original filenames were appended with the victim's ID, the cyber criminals' email address, and a ".ballacks" extension. For example, a file titled "1.jpg" appeared as "1.jpg.[MJ-SD8497052316](Lemordewn@gmail.com).ballacks". Afterwards, a ransom note - "ReadthisforDecode.txt" - was dropped onto the desktop.
What is the "Your Order Is Processed" email scam?
After analyzing two "Your Order Is Processed" emails, we determined that they are spam. These letters make similar claims about the recipient having purchased an expensive item from a well-known retailer. The goal is to trick the recipient into calling the provided telephone number to cancel the purchase - and thus be lured into an elaborate scam.
Note that there can be other variants of this spam mail, aside from the two we have inspected. It must be emphasized that the "Your Order Is Processed" emails are fake and that the legitimate entities mentioned in them (e.g., Walmart, Target, PayPal, etc.) are not associated with the scam.
What kind of page is smartopc[.]xyz?
While investigating suspicious sites, our research team found the smartopc[.]xyz rogue webpage. It operates by promoting browser notification spam and redirecting users to other (likely untrustworthy/malicious) websites.
Users typically access smartopc[.]xyz and similar pages via redirects caused by websites using rogue advertising networks.