Virus and Spyware Removal Guides, uninstall instructions

What is Webmail Manager email scam?

After examining this email, we found that it is a deceptive email masquerading as a letter from an email service provider. Scammers behind it attempt to trick recipients into opening the provided website link. Their goal is to extract sensitive information via a phishing website.

What is Trust Wallet App malware?

While inspecting untrustworthy cryptocurrency-related websites, we discovered a fake Trust Wallet page hosting Android malware. Cybercriminals use this site to trick unsuspecting visitors into downloading a backdoored version of the Trust Wallet application.

While inspecting this malware, we noticed that only a few security vendors detected it as malicious (at the time of research a list of security vendors that detect it as malicious was short).

What is Payt ransomware?

Payt is a ransomware-type program that our research team discovered while inspecting new submissions to VirusTotal.

When we executed this ransomware on our test system, it encrypted files and appended their filenames with a unique ID, the cyber criminals' email address, and either a ".Payt" or ".payt" extension. For example, a file named "1.jpg" appeared as "1.jpg.[MJ-YK7364058912](wesleypeyt@tutanota.com).Payt".

After the encryption process was finished, the Payt ransomware dropped a ransom-demanding message titled "ReadthisforDecode.txt" onto the desktop.

What kind of application is AnalyzerSystem?

AnalyzerSystem is an untrustworthy application distributed via a fake Adobe Flash Player installer. After installing and analyzing the app, we learned that it is useless and shows unwanted advertisements. Thus, we classified AnalyzerSystem as adware.

What kind of page is musicinmysoul[.]biz?

After examining musicinmysoul[.]biz, we learned that it displays deceptive content to trick visitors into allowing it to show notifications. Another reason not to trust musicinmysoul[.]biz is that it can redirect to other pages of this kind. We discovered musicinmysoul[.]biz while inspecting websites that use rogue advertising networks.

What is YamaBot?

YamaBot is the name of a cross-platform malware written in the Go programming language. This malicious program targets both Windows and Linux Operating Systems (OSes). YamaBot is associated with the North Korean state-backed cyber criminals known as the Lazarus Group. YamaBot attacks have been observed in Japan.

What is ComputingInvolve?

While looking through new submissions to VirusTotal, our researchers discovered the ComputingInvolve application. Our analysis of this piece of rogue software revealed that it operates as adware. Additionally, we learned that this app is part of the AdLoad malware family.

What kind of page is aigaithojo[.]com?

Aigaithojo[.]com is an untrustworthy page that wants to show notifications. It uses a clickbait technique (a deceptive method) to trick visitors into allowing it to show those notifications. Also, aigaithojo[.]com redirects visitors to other websites. We discovered aigaithojo[.]com while inspecting pages that use rogue advertising networks.

What is Screen Locking malware?

Screen Locking malware refers to screenlocker-type ransomware programs that target Android operating systems. There are numerous variants of this malware, but they differ from previously observed Android screenlockers due to the novel techniques that they use. This is a high-end screenlocker family which boasts multiple variants and a continuously evolving methodology.

The goal of this malware is to push victims into paying a ransom in order to remove the messages that prevent them from using their devices. Unlikely other ransomware types, these screenlockers do not encrypt victims' files.

What kind of malware is Manjusaka?

While examining a malicious document containing Cobalt Strike beacon, we discovered a new malware called Manjusaka. This malware has the capabilities of a Remote Access Trojan (RAT). Cybercriminals can use it for various purposes (from stealing information to managing files). Manjusaka can be planted on Windows and Linux systems.