Virus and Spyware Removal Guides, uninstall instructions

What kind of page is desktopnotificationsnews[.]com?

Desktopnotificationsnews[.]com is a deceptive website that we have discovered while analyzing torrent, illegal movie streaming, and other sites that use shady advertising networks. After examining desktopnotificationsnews[.]com, we learned that it attempts to trick visitors into allowing it to show notifications.

What kind of scam is "Windows Firewall Protection - Your PC is infected with 5 viruses!"?

It is a pop-up scam displayed by a deceptive website that our team has discovered while examining sites (illegal movie streaming, torrent, and similar sites) that use rogue advertising networks. We found that the purpose of this scam is to trick visitors into believing that their computers are infected and purchasing antivirus software.

What is vinkens[.]com?

During a routine inspection of untrustworthy websites, our researchers discovered the vinkens[.]com deceptive site. When we inspected this page, we learned that it promotes several scams. While they make different claims, their goals are likely the same - to endorse untrustworthy or malicious software.

What is DOC/TrojanDownloader.Agent?

DOC/TrojanDownloader.Agent is a detection name for malicious Microsoft Office documents (for example, Word, Excel). The purpose of such documents is to infect computers with malware. Computers get infected once macros commands in these documents are enabled. Most cybercriminals disguise them as invoices, purchase orders, receipts, forms, or other documents.

What kind of page is ourcommonstories[.]com?

During a routine inspection of rogue webpages, our researchers discovered ourcommonstories[.]com. This site is designed to push browser notification spam and redirect visitors to other (likely untrustworthy/harmful) websites. It is noteworthy that most visitors to pages like ourcommonstories[.]com enter them via redirects caused by sites using rogue advertising networks.

What is Apollo Tab?

While inspecting shady websites, our researchers found Apollo Tab's promotional page. This browser extension is presented as a tool that supposedly allows users to customize the browser's homepage and "stimulate [their] productivity".

After analyzing this piece of software, we learned that Apollo Tab operates as a browser hijacker and promotes the search.apollotab.com illegitimate search engine.

What is Ranger3X ransomware?

When looking through support forums, our research team learned of the Ranger3X ransomware (a new variant of TeslaRVNG) from a report made by a victim's representative. We have sampled this malware from VirusTotal and executed it on our test machine.

Ranger3X encrypted the files on our test system and renamed them according to this pattern "id[victim's_ID].[solution@mailfence.com].original_filename.Ranger3X", which consists of a unique ID, the cyber criminals' email address, followed by the original filename, and concluded with a ".Ranger3X" extension. For example, a file initially titled "1.jpg" appeared as "id[QxGyHksv].[solution@mailfence.com].1.jpg.Ranger3X" following encryption.

After this process was completed, Ranger3X ransomware created a text file named - "DecryptFiles.txt" - which contains the ransom note.

What is "VBA/TrojanDownloader.Agent"?

"VBA/TrojanDownloader.Agent" primarily refers to malicious Microsoft Office documents. Its variations are used as detection names by many anti-virus programs. Virulent MS documents are designed to cause malware infections by executing malicious macro commands. These files are most commonly distributed through spam emails.

What is "MSIL/Spy.Agent"?

"MSIL/Spy.Agent" refers to backdoor-type malware. Its variants are used by many anti-virus programs as detection names primarily for trojans that operate as backdoors. This type of malware is designed to create a "backdoor" for additional malicious software. Theoretically, these trojans can infect devices with any kind of malware. Furthermore, trojan malware often has a wide variety of harmful abilities.

What is LNK/Agent?

LNK/Agent is a detection name for a Windows system shortcut to a malicious file, program, or folder. Shortcuts (LNK files) detected as LNK/Agent do not contain payload - they launch malicious executables (execute files designed to infect computers with malware). Cybercriminals use LNK files because they are less likely to be suspicious.