Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is blackZluk?

Our researchers discovered the blackZluk ransomware while investigating new submissions to the VirusTotal website. Ransomware is designed to encrypt files and demand payment for the decryption.

After we launched a sample of blackZluk on our system, it encrypted files and appended their filenames with a ".blackZluk" extension. Original name like "1.jpg" appended as "1.jpg.blackZluk", "2.png" as "2.png.blackZluk", and so on. Once this process was completed, a ransom note titled "#RECOVERY#.txt" was created.

What kind of page is allowtube[.]com?

Our inspection of allowtube[.]com has revealed that this is a fraudulent web page created to deceive visitors into agreeing to receive its notifications. As a rule, sites like allowtube[.] generate untrustworthy notifications. For these reasons, it is advisable not to visit allowtube[.] or allow it to deliver notifications.

What kind of page is agagaure[.]com?

We have examined agagaure[.]com and discovered that it uses a deceptive method to trick visitors into permitting it to show notifications. Usually, website of this type deliver untrustworthy notifications. Thus, users should avoid visiting agagaure[.]com or allowing it to send notifications to their devices.

What is "Mailbox Has Been Successfully Upgraded"?

Our team has reviewed this email and concluded that it is a fraudulent letter posing as a notification from an email service provider. This email is written by scammers who attempt to trick recipients into disclosing personal information. Emails of this type are classified as phishing emails.

What kind of email is "Urgent Server Warning"?

"Urgent Server Warning" is a spam email. It falsely claims that a request has been received to terminate the recipient's email account. With this lure, the scam letter tricks recipients into providing their email log-in credentials to a phishing site with the hopes that it will cancel the fake request.

What kind of email is "Payment Approved By International Authorities"?

After reading the "Payment Approved By International Authorities" email, we determined that it is spam. The letter states that the recipient can claim their 36 million USD payment. Typically, scammers behind mail of this kind seek victims' personal information or money.

What kind of malware is ScRansom?

ScRansom is ransomware designed to encrypt files and provide a ransom note ("HOW TO RECOVERY FILES.TXT"). Also, ScRansom encodes filenames using base64 and adds ".Encrypted" extension to filenames. For example, it renames "1.jpg" to "MS5qcGc=.Encrypted", "2.png" to "Ni5qcGc=.Encrypted", and so forth.

What kind of email is "cPanel - Server Glitch"?

Our inspection of the "cPanel - Server Glitch" email revealed that it is spam. This message falsely claims that emails failed delivery due to a server glitch. The purpose of this spam mail is to lure visitors into providing their log-in credentials to a phishing website.

It must be emphasized that the claims in this scam email are false, and this mail is not associated with cPanel or any other legitimate services and providers.

What is "Accounting Has Shared Access"?

We have inspected this email and found that it is a fraudulent letter masquerading as a notification regarding a September payment schedule assigned to the recipient. Scammers use this email to extract personal information from recipients. Such schemes are known as phishing attempts. Whoever receives this (or similar) email should ignore it.

What kind of malware is BLX?

BLX (also known as XLABB) is a stealer capable of exfiltrating a variety of sensitive data from victims' devices. The malware targets log-in credentials, cryptocurrency wallets, and other vulnerable information. At the time of writing, BLX is under active development. Its developers are promoting this stealer on multiple online platforms.