Virus and Spyware Removal Guides, uninstall instructions
What kind of scam is "Windows Firewall Has Detected That Your Windows Is Damaged And Irrelevant"?
It is a pop-up scam (a fake Windows warning) claiming that the operating system is damaged. Scammers use it to trick website visitors into downloading deceptive (potentially malicious) applications. We discovered this site while inspecting other pages that use rogue advertising networks. Typically, pages running pop-up scams are opened unintentionally.
What kind of malware is Hydrox?
Hydrox is ransomware that our team has discovered while analyzing malware samples submitted to VirusTotal. It encrypts files, appends the ".hydrox" extension to filenames, drops the "Hydrox Ransomware.txt" file (a ransom note), and changes the desktop wallpaper.
An example of how Hydrox ransomware renames files: it changes "1.jpg" to "1.jpg.hydrox", "2.png" to "2.png.hydrox", "3.exe" to "3.exe.hydrox", and so forth.
What is RelianceTask?
Our research team discovered the RelianceTask rogue application while inspecting new submissions to VirusTotal. Our analysis of this app revealed that it operates as advertising-supported software (adware). Furthermore, RelianceTask is part of the AdLoad malware family.
What kind of application is DailyPanel?
DailyPanel is an application that shows unwanted advertisements. It is an advertising-supported app (adware). Our team discovered DailyPanel while examining websites claiming that the Adobe Flash Player is out of date. DailyPanel is distributed via a fake installer.
What is DawDropper?
DawDropper is a piece of malicious software targeting Android operating systems. It is classified as a dropper - a type of program designed to cause chain infections (i.e., download/install other malware). This dropper has been used to infect devices with various banking trojans.
DawDropper's developers offer this malicious program as a service (Malware-as-a-Service [MaaS]) so that cyber criminals can use it to spread their malicious software for a fee. DawDropper has been actively distributed on the Google Play Store under the guise of various system cleaning, messaging, image editing, and other applications.
What kind of email is "Summon To Court For Pedophilia"?
"Summon To Court For Pedophilia" refers to scam emails disguised as court summonses issued by governmental bodies. These letters claim that the recipient is accused of activities relating to pedophilia. We have inspected two variants of these spam emails, one in French and the other in Lithuanian, English, and Dutch; however, other versions are likely.
This spam mail can look relatively sophisticated, e.g., it may include emblems, seals, and other imagery associated with specific governmental institutions. Additionally, the letters may use the names of actual officials in the positions of Director General of Police, Commissioner of Police, etc.
However, it must be emphasized that the "Summon To Court For Pedophilia" emails are fake. Furthermore, the French Interior Ministry has issued warnings against trusting these letters.
What is a fake "Chrome" extension?
While inspecting websites offering "cracked" software, our researchers discovered a rogue browser extension simply titled "Chrome". Many fake extensions may use this name; in general, it is common for dubious software to use the names and graphics of legitimate products and companies. Typically, deceptive apps and browser extensions have harmful functionalities. The illegitimate "Chrome" extension that we analyzed had adware-type abilities.
What kind of page is urgentscanur[.]com?
During a routine investigation of suspicious websites, our research team found the urgentscanur[.]com rogue page. It hosts deceptive content (scams), promotes spam browser notifications, and redirects users to other (likely untrustworthy or malicious) sites.
Most visitors to urgentscanur[.]com and pages akin to it access them via redirects caused by websites that use rogue advertising networks.
What is TerminalGenerate?
TerminalGenerate is an application that we discovered while inspecting new submissions to VirusTotal. Our analysis of this rogue app revealed that it is adware. Furthermore, TerminalGenerate is part of the AdLoad malware family.
What is FILE ransomware?
Our researchers discovered a new ransomware-type program belonging to the Phobos family, called FILE. Malware within this category operates by encrypting data in order to demand ransoms for the decryption.
After we executed a sample of FILE ransomware on our test machine, it encrypted files and altered their titles. The original filenames were appended with a unique ID, the cyber criminals' email address, and a ".FILE" extension. For example, a file named "1.jpg" appeared as "1.jpg.FILE", "2.png" as "2.png.FILE", and so forth.
Once the encryption concluded, ransom-demanding messages were created/displayed in a pop-up window ("info.hta") and text file ("info.txt").