Virus and Spyware Removal Guides, uninstall instructions

What is Sakura ransomware?

Sakura is a ransomware-type program based on the Chaos ransomware, which our researchers found while inspecting new submissions to VirusTotal. Malware within this classification (ransomware) encrypts victims' data in order to make ransom demands for the decryption.

After we executed a sample of Sakura on our test machine, it encrypted files and appended their filenames with the ".Sakura" extension. To elaborate, a file originally titled "1.jpg" appeared as "1.jpg.Sakura", "2.png" as "2.png.Sakura", and so on for all of the affected files.

Once this process was completed, the ransomware created a ransom note named "read_it.txt" and changed the desktop wallpaper.

What kind of malware is POLINA?

While examining the malware samples submitted to the VirusTotal site, we found POLINA ransomware. It encrypts files and modifies their filenames (it appends the ".POLINA" extension to filenames. Also, POLINA ransomware drops a ransom note (the "READ_HELP.txt" file) on a desktop.

An example of how POLINA ransomware modifies filenames: it renames "1.jpg" to "1.jpg.POLINA", "2.png" to "2.png.POLINA", "3.exe" to "3.exe.POLINA", and so forth.

What kind of application is PanelCharge?

After downloading and installing the PanelCharge application, we learned that it is an advertising-supported application that bombards users with unwanted and intrusive advertisements. We discovered it while examining deceptive websites claiming that certain installed software is outdated.

What kinf of scam is "I Regret To Inform You About Some Sad News For You"?

After analyzing this email, we determined that it is a sextortion scam threatening to share (disclose) videos of recipients visiting adult websites and their personal information. This email aims to trick recipients into sending a specified amount of Bitcoins to the provided wallet. None of the claims in this email are true. Thus, it must be ignored.

What kind of page is cleanyourpcnow[.]com?

Cleanyourpcnow[.]com is a rogue webpage that we found while inspecting dubious sites. It runs scams, promotes browser notification spam, and redirects users to other (likely untrustworthy/malicious) webpages. Users typically access such pages through redirects caused by websites using rogue advertising networks.

What is SpaceEnergy?

Our researchers discovered yet another app belonging to the AdLoad malware family - named SpaceEnergy - during a routine inspection of new submissions to VirusTotal. This application operates as advertising-supported software (adware), i.e., it delivers intrusive advertisement campaigns. Additionally, SpaceEnergy might have browser-hijacking and data tracking functionalities.

What is kind of website is shaxon[.]shop?

While inspecting rogue websites, our research team found the shaxon[.]shop deceptive webpage. It is designed to promote scams, and at the time of research, it ran "Hackers are watching you!". By making false claims about the visitor's device being hacked, infected, or at risk - scams of this kind endorse untrustworthy and malicious apps.

What kind of page is updates-center[.]com?

During a routine inspection of untrustworthy websites, our researchers discovered the updates-center[.]com rogue page. It promotes browser notification spam and redirects visitors to other (likely unreliable/malicious) sites. Most users enter updates-center[.]com and similar webpages via redirects caused by sites that use rogue advertising networks.

What is DevilsTongue?

First researched by Microsoft Threat Intelligence Center (MSTIC) in collaboration with Citizen Lab, DevilsTongue is a piece of multifunctional malicious software written in C and C++ programming languages.

MSTIC's findings suggest that DevilsTongue is associated with cyber criminals developing/selling malware and hacking-tool packages for cyber warfare. The cyber criminals behind DevilsTongue, dubbed SOURGUM, are suspected to be an Israel-based group.

The sophisticated ware offered by SOURGUM is believed to have been used to target over a hundred victims, including politicians, embassy workers, academics, human rights activists, journalists, and political dissidents.

What is "Unicaja Banco" email scam?

After examining this email, we learned that it is sent by scammers who pretend to be Unicaja - a Spanish savings bank. The whole letter is written in the Spanish language. It contains a website link. Scammers behind this email attempt to trick recipients into opening that link and providing personal information.