Virus and Spyware Removal Guides, uninstall instructions

PondRAT Malware (Mac)

What kind of malware is PondRAT?

PondRAT is malicious software targeting macOS. It is classed as a Remote Access Trojan (RAT). These trojans tend to be versatile, and their purpose is to allow remote access/control over infected devices.

Code similarities with malware (e.g., POOLRAT) used by Gleaming Pisces (aka Citrine Sleet) have led to the speculation that this threat actor group is behind PondRAT. Gleaming Pisces has North Korean affiliations.

This RAT has been observed being distributed via malicious Python software packages through PyPI (Python Package Index). Based on previous attacks, it is likely that the goal is to gain access to supply chain vendors via developers in order to infect those vendors' customers.

   
Necro Trojan (Android)

What kind of malware is Necro?

Necro is a Trojan that targets Android users. Threat actors deliver it via modified versions of well-known apps and via apps found on official app stores like Google Play. Necro uses certain techniques to hide its malicious payloads and evade detection, and it can perform various malicious activities.

   
Movie-web Remastered Extension Adware

What kind of software is movie-web remastered extension?

While browsing suspicious websites, our researchers discovered a deceptive page promoting the "movie-web remastered extension". This browser extension promises to enhance the streaming experience. After examining it, we determined that this extension is advertising-supported software (adware).

   
Gamadspro.com Ads

What kind of page is gamadspro[.]com?

Our team has reviewed gamadspro[.]com and discovered that the site uses clickbait to gain permission to show notifications. Typically, notifications from sites like gamadspro[.]com are deceptive and promote questionable content. Therefore, users should avoid agreeing to receive notifications from sites like gamadspro[.]com.

   
First-tl Ads

What are the first-tl websites?

While investigating suspicious websites, our research team discovered a group of rogue webpages sharing the "first-tl" domain. First-tl-139-d[.]buzz is an example of a page belonging to this family; the numbers and/or the letter in these domains can differ.

The goal of first-tl webpages is to trick visitors into enabling browser notification delivery. These pages can also generate redirects to other (likely untrustworthy/harmful) sites. The majority of users access webpages like those from the first-tl group via redirects caused by websites that utilize rogue advertising networks.

   
Gamadshub.com Ads

What kind of page is gamadshub[.]com?

Our team has examined gamadshub[.]com and found that this page employs clickbait to receive permission to send notifications. In most cases, notifications from websites like gamadshub[.]com are misleading and promote shady sites. Thus, users should not agree to receive them and should avoid visiting pages like gamadshub[.]com.

   
RDP (Chaos) Ransomware

What kind of malware is RDP (Chaos)?

Our researchers discovered RDP ransomware while reviewing malware submissions to VirusTotal. This malicious program belongs to the Chaos ransomware family. RDP (Chaos) ransomware encrypts data and demands ransoms for its decryption.

After we launched this malware on our test machine, it locked files and appended a ".encrypted" extension to their filenames. To elaborate, a file originally named "1.jpg" looked like "1.jpg.encrypted", "2.png" like "2.png.encrypted", and so on.

Following the encryption's completion, the ransomware changed the desktop wallpaper and dropped a ransom note titled "read_it.txt".

   
Secdojo Ransomware

What kind of malware is Secdojo?

Secdojo is ransomware, a type of malware that encrypts files. It also renames files (by appending the ".secdojo" extension). For instance, it changes "1.jpg" to "1.jpg.secdojo" and "2.png" to "2.png.secdojo". Additionally, Secdojo creates the "index.html" file containing a ransom note.

   
Tyson Ransomware

What kind of malware is Tyson?

Tyson is ransomware (based on Chaos ransomware) that we discovered during an analysis of malware samples submitted to VirusTotal. Once infiltrated, Tyson encrypts files, appends its extension (".tyson") to filenames, and drops a ransom note ("DECRYPTION INSTRUCTIONS.txt"). For instance, it renames "1.jpg" to "1.jpg.tyson", "2.png" to "2.png.tyson", and so forth.

   
Etyrthonrong.info Ads

What kind of page is etyrthonrong[.]info?

Our examination of etyrthonrong[.]info has shown that the site employs a deceptive tactic (known as clickbait) to lure visitors into granting it permission to send notifications to their devices. Usually, when a site like etyrthonrong[.]info has permission to show notifications, it bombards users with fake warnings, alerts, offers, and similar content.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
