Virus and Spyware Removal Guides, uninstall instructions

What is "MICROSOFT WINDOWS With Pre-installed Mcafee"?

During a routine inspection of deceptive websites, our researchers discovered "MICROSOFT WINDOWS With Pre-installed Mcafee". After inspecting it, we determined that this content operates as a technical support scam with phishing elements. The former attempt to trick users into calling fake helplines and allowing the scammers to access their devices remotely. While the latter is designed to extract sensitive information from visitors.

It must be emphasized that this scam is in no way associated with the Microsoft Corporation, McAfee Corp., or any other legitimate entity.

What is Strongix.exe?

Strongix.exe is a piece of malicious software, which our research team discovered while looking through fake "cracked" software download sites. This malware operates by force-opening various untrustworthy and malicious websites. It is not unlikely that Strongix.exe has additional harmful abilities as well.

What kind of malware is KurayStealer?

KurayStealer is the name of a malware builder that we found promoted on Discord. KurayStealer has the ability to steal passwords and capture screenshots. It is written in the Python programming language. We also learned that there are free and paid versions of the KurayStealer malware builder (the second paid version has additional features/extended capabilities).

What is Eternity ransomware?

Discovered by Cyble Research Labs, Eternity is a ransomware-type program that is part of the Eternity malware family. Ransomware is designed to encrypt data and make ransom demands for the decryption.

When we launched a sample of Eternity on our test machine, we learned that it encrypts files using the AES and RSA cryptographic algorithms. However, it does not alter the filenames of affected files (an updated variant actually does append ".ecrp" extension), which ransomware-type programs usually do. Once Eternity's encryption process was completed, it displayed a pop-up window that contained the ransom note.

It is noteworthy that since malware belonging to the Enternity family is offered as Malware-as-a-service (MaaS) - multiple attackers can use it. Therefore, Enternity ransomware messages can vary, e.g., ransom sizes, contact information, deadlines, etc. - may differ.

What kind of scam is "Your Computer Might Be Infected With Critical Viruses"?

After analyzing the page, we concluded that it is a scam website operated by individuals who aim to collect illegitimate commissions from purchases made via their page. This page uses a scare tactic to trick visitors into purchasing antivirus software. It is highly advisable to ignore websites of this kind (even when they promote legitimate software).

What is Eternity malware?

Discovered by Cyble Research Labs, Eternity is the name of a malware family. Actively sold on the Web, Eternity's developers use the Telegram IM (Instant Messaging) service to sell their malicious wares, as well as provide support and customization to buyers. Telegram can also be employed by the attackers using Eternity programs as their C&C (Command and Control) server and proliferation tool.

Currently, this malware family consists of a stealer, worm, miner, clipper, ransomware, and DDoS bot.

What kind of scam is "Apple Defender Security Center"?

We have examined this website and found that it runs a technical support scam. It is a fake Apple website claiming that a computer is infected and urging to call the provided number ("Apple Support"). Typically, the purpose of such scams is to extract money, sensitive information, or distribute malware.

What kind of malware is Kekpop?

Kekpop is ransomware that encrypts files (and renames them) and demands payment for file decryption. It creates the "ReadMe.html" file that contains payment information. Kekpop renames files by appending the ".kekpop" extension to filenames, replacing the original name with a string of random characters, and appending random characters to the original file extension.

An example of how Kekpop ransomware renames files: it changes a file named "1.jpg" to "28728.jpg26959.kekpop", "2.png" to "28728.png26959.kekpop", and so forth.

What kind of application is PlusTarget?

PlusTarget is an advertising-supported application. The purpose of this app is to display various advertisements (e.g., banners, coupons, pop-ups). We have discovered this app while inspecting deceptive websites. It is not a trustworthy app that should never be downloaded and installed.

What kind of page is news-nubuyo[.]cc?

News-nubuyo[.]cc is a deceptive page designed to trick visitors into agreeing to receive its notifications. Another issue with this site is that it redirects to other pages of this type. Our team has discovered news-nubuyo[.]cc while examining illegal movie streaming pages, torrent sites, and similar pages that use rogue advertising networks.