Virus and Spyware Removal Guides, uninstall instructions
What kind of page is notfreeads[.]com?
Notfreeads[.]com is an untrustworthy website that uses a clickbait technique to trick visitors into allowing it to show notifications. It also redirects visitors to another virtually identical page (notadslife[.]com). We discovered notfreeads[.]com while inspecting illegal movie streaming sites, torrent pages, and other sites of this kind that use rogue advertising networks.
What kind of page is window-safe[.]com?
Our researchers found window-safe[.]com while inspecting shady sites. This rogue page operates by loading deceptive content (scams), pushing spam browser notifications, and redirecting visitors to other (likely unreliable/malicious) webpages.
Most users enter window-safe[.]com and similar websites via redirects caused by pages using rogue advertising networks.
What kind of application is SearchHDConverter?
Our team has discovered the SearchHDConverter application while inspecting deceptive websites offering to add it to a browser. After testing the app, we learned that it is a browser hijacker that changes the settings of the affected web browser. It promotes the searchhdconverter.com address - a fake search engine.
What is the like dark browser hijacker?
While inspecting dubious download sites, our research team discovered the like dark browser extension. This piece of software promises to enable dark mode for simple design websites.
Our analysis uncovered that the like dark extension operates as a browser hijacker. It modifies browser settings, promotes the getsins.com fake search engine, and spies on users' browsing activity.
What is Talisman?
Talisman is a new variant of the PlugX RAT (Remote Access Trojan). Malware within this classification is designed to enable remote access/control over infected machines, and these trojans are known to be multifunctional. Talisman's functionalities have not undergone any significant alterations compared to recent versions of PlugX; the primary changes concern the program's internal configuration and code modifications.
While PlugX has long been associated with Chinese state-sponsored cyber criminals, research done by other analysts suggests that it is not exclusive to them.
However, according to a report by Trellix, there is more substantial evidence linking Talisman to China's cyber warfare. Observed campaigns proliferating this RAT targeted Telecommunication and Defense spheres in South Asian countries with motivations aligning with China's geopolitical stances (particularly economics-wise).
What kind of malware is OnlyFans?
OnlyFans is the name of a ransomware variant discovered by MalwareHunterTeam. We found that cybercriminals behind OnlyFans attempt to trick victims into paying for data decryption even though their ransomware does not encrypt any files. OnlyFans displays a pop-up window with a ransom-demanding message in it.
What is Sdhvqq ransomware?
Sdhvqq is the name of a ransomware-type program that our research team found while inspecting new submissions to VirusTotal. We learned that this program is part of the Snatch ransomware group.
We tested Sdhvqq by executing a sample on our test machine, and the ransomware began encrypting files and appending a ".sdhvqq" extension to their filenames. For example, a file originally named "1.jpg" appeared as "1.jpg.sdhvqq", "2.png" as "2.png.sdhvqq", etc.
Once this process was completed, a ransom-demanding message - "HOW TO RESTORE YOUR FILES.TXT" - was dropped onto the desktop. Based on the text presented in this file, it is evident that Sdhvqq targets companies rather than home users.
What kind of malware is Ust29?
Ust29 is ransomware belonging to the Dharma family. Our malware researchers have discovered it while examining samples submitted to the VirusTotal page. It was found that Ust29 encrypts files and appends the victim's ID, ust29@aol.com email address, and ".ust29" extension to filenames. It provides ransom notes in a pop-up window and the "FILES ENCRYPTED.txt" file.
An example of how Ust29 modifies filenames: it renames "1.jpg" to "1.jpg.id-9ECFA84E.[ust29@aol.com].ust29", "2.png" to "2.png.id-9ECFA84E.[ust29@aol.com].ust29", and so forth.
What kind of page is notificationscity[.]com?
Notificationscity[.]com is a rogue webpage designed to deceive visitors into allowing it to deliver browser notification spam. Additionally, this page is capable of causing redirects to other (likely untrustworthy or malicious) sites. We discovered notificationscity[.]com while inspecting shady websites. Most users enter such sites via others that employ rogue advertising networks.
What is the "Trezor" email scam?
"Trezor email scam" refers to emails regarding a data breach of Trezor's administrative servers. It must be emphasized that these letters are fake, and they are not associated with Trezor - the legitimate hardware cryptocurrency wallet.
After analyzing an email belonging to this spam campaign, we have concluded that it operates as a relatively sophisticated phishing scam. It aims to trick recipients into installing a fake "Trezor Suite" application designed to record the log-in credentials entered into it.