Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Your Group Sent You A Message"?

After examining the email, our team has concluded that it is a phishing email containing a link that opens a deceptive page. The purpose of this email is to trick recipients into providing sensitive information. It is disguised as a letter regarding some final report.

What is Baal ransomware?

Our researchers discovered the Baal ransomware while inspecting new submissions to VirusTotal. This malicious program is part of the Makop ransomware family. Once a sample of Baal was launched on our test system, this ransomware encrypted files and altered their filenames.

The titles of affected files were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".baal" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.[2AF20FA3].[baal0625@goat.si].baal". Afterward, Baal dropped a ransom note - "readme-warning.txt" - onto the desktop.

What kind of page is computeradsnetwork[.]com?

Computeradsnetwork[.]com is a rogue webpage that our researchers found while checking out untrustworthy sites. It operates by promoting spam browser notifications and redirecting visitors to different (likely unreliable/malicious) websites.

Users typically enter pages like computeradsnetwork[.]com through redirects caused by sites using rogue advertising networks.

What kind of malware is Rootxwolf?

Rootxwolf is the name ransomware based on another ransomware called Chaos. We have discovered Rootxwolf during our analysis of malware samples submitted to the VirusTotal site. This malware encrypts files, modifies their filenames, creates the "read_it.txt" file (a ransom note), and changes the desktop wallpaper.

Rootxwolf appends the ".fuc*ed" extension to filenames, for example, it renames "1.jpg" to "1.jpg.fuc*ed", "2.png" to "2.png.fuc*ed", and so forth.

What kind of page is onlinehelptutorials[.]com?

Onlinehelptutorials[.]com is a rogue webpage that our researchers discovered while inspecting untrustworthy sites. This page is designed to promote online scams, push browser notification spam, and redirect visitors to different (likely unreliable/malicious) websites.

Users typically access onlinehelptutorials[.]com and similar sites through redirects caused by webpages using rogue advertising networks.

What kind of malware is Revive?

Revive is the name of a banking Trojan targeting Android users (customers of a specific Spanish bank). It steals sensitive information. Cybercriminals use Revive to take ownership of online accounts using stolen login credentials. This malware abuses Accessibility Services to perform malicious activities.

What is HybridSpace?

While looking through new submissions to VirusTotal, our research team found the HybridSpace application. After inspecting this piece of software, we determined that it is adware belonging to the AdLoad malware family.

What kind of page is trusted-check[.]xyz?

Trusted-check[.]xyz is one of the many deceptive websites that display deceptive content to trick visitors into allowing them to display notifications. Moreover, this site can open various scams and other untrustworthy pages. We have discovered trusted-check[.]xyz while analyzing other pages that use rogue advertising networks.

What is BlueSky ransomware?

BlueSky is the name of a malicious program classified as ransomware. Malware of this type is designed to encrypt data and demand ransoms for the decryption.

When we executed a sample of BlueSky on our test machine, it encrypted files and appended their filenames with a ".bluesky" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.bluesky", "2.png" as "2.png.bluesky", and so on.

Afterward, two identical ransom notes - "# DECRYPT FILES BLUESKY #.html" and "# DECRYPT FILES BLUESKY #.txt" - were dropped onto the desktop.

What kind of software is TripleWhole?

Our malware researchers have discovered TripleWhole while examining deceptive pages claiming that it is required to update the Adobe Flash Player (with a fake installer). After downloading and installing TripleWhole, we found that it functions as adware. The purpose of this application is to display annoying advertisements.