Virus and Spyware Removal Guides, uninstall instructions

What kind of page is allowpcprotect[.]com?

Allowpcprotect[.]com is a deceptive website that uses a scare tactic to trick visitors into purchasing antivirus software. It also asks for permission to show notifications. We have discovered this site while inspecting other sites that use shady advertising networks.

What kind of page is protectlab[.]xyz?

Our research team found protectlab[.]xyz while inspecting untrustworthy websites. This rogue page is designed to load deceptive content, push browser notification spam, and redirect visitors to different (likely unreliable/malicious) websites. Most users enter sites like protectlab[.]xyz via webpages using rogue advertising networks.

What is Everyday Quote?

While inspecting dubious download websites, our researchers discovered the Everyday Quote browser extension. It promises to display daily inspirational quotes. After analyzing this piece of software, we determined that it operates as adware.

What kind of page is toftheussi[.]xyz?

Toftheussi[.]xyz is a rogue website designed to push browser notification spam and redirect visitors to other (likely untrustworthy/malicious) pages.

Our researchers discovered it while inspecting sites that use rogue advertising networks. Most users enter webpages like toftheussi[.]xyz via such websites. However, they can also be entered through redirects caused by spam notifications, intrusive ads, mistyped URLs, or installed adware.

What kind of application is Rain Tab?

We have discovered the Rain Tab browser extension on a shady website offering to download and install recommended Chrome extension. After examination, we found that it hijacks a web browser by changing some of its settings to raintab.com. It was concluded that Rain Tab is a browser hijacker forcing users to browse the web using a fake search engine.

What is Keep It Secure?

Keep It Secure is a browser extension our researchers discovered while inspecting dubious download webpages. After analyzing this piece of software, we learned that it operates as a browser hijacker. Keep It Secure modifies browser settings to promote (by causing redirects to) the keepitsecure.today illegitimate search engine.

What kind of scam is "Your Account Will Be Suspended In 48hrs"?

Our team has analyzed this email and concluded that it is a typical phishing email used to trick recipients into providing sensitive information. It is disguised as a letter from an email service provider. It contains a link designed to open a deceptive site requesting login credentials.

What is Strip4you ransomware?

While inspecting new malware submissions to VirusTotal, our research team discovered the Strip4you ransomware. We determined that this malicious program is part of the Xorist ransomware family.

On our test machine, Strip4you encrypted files and appended their filenames with a ".strip4you" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.strip4you", "2.png" as "2.png.strip4you", and so forth.

Once this process was finished, this ransomware created/displayed identical ransom notes in a pop-up window and "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" text file. It is noteworthy that if the infected system does not have the Cyrillic alphabet, the pop-up message will appear as gibberish (unreadable).

What kind of malware is Quantum?

We have discovered malware called Quantum while analyzing the samples submitted to the VirusTotal page. It was learned that Quantum is ransomware that encrypts files and appends the ".quantum" extension to filenames. It also generates an HTML file named "README_TO_DECRYPT.html" containing a ransom note.

An example of how Quantum ransomware modifies filenames: it renames "1.jpg" to "1.jpg.quantum", "2.png" to "2.png.quantum", "3.exe" to "3.exe.quantum", and so forth.

What is the "E-mail To You From An Account Of Yours" email?

After analyzing the "E-mail To You From An Account Of Yours" letter, our researchers determined that it is a sextortion scam. This email falsely claims that the sender has an explicit video of the recipient, which will be leaked to their contacts - unless a ransom is paid.

It must be emphasized that the information provided by this spam email is false. Therefore, recipients are not at risk, and no such recording exists in the scammers' possession.