Virus and Spyware Removal Guides, uninstall instructions

What kind of page is penadee[.]com?

Upon analyzing of penadee[.]com, we determined that it is a deceptive web page created to trick visitors into consenting to receive its notifications. Typically, notifications from sites like penadee[.]com are deceptive. For this reason, it is strongly recommended to avoid agreeing to receive notifications from penadee[.]com and similar sites.

What kind of malware is Ailurophile?

Ailurophile is an information stealer targeting Windows operating systems. Cybercriminals have been observed promoting Ailurophile on GitHub. Usually, malware like Ailurophile is utilized to harvest sensitive information that cybercriminals use to steal money, hijack personal accounts, extract more information, etc. Such threats must be removed from infected systems immediately.

What kind of malware is Colony?

Our researchers discovered the Colony ransomware-type virus while investigating new submissions to the VirusTotal website. This malicious software encrypts data and demands ransoms for the decryption.

On our testing system, Colony encrypted files and altered their names by adding the attackers' email address and a ".colony96" extension to them. For example, a file named "1.jpg" looked like "1.jpg.[support2022@cock.li].colony96", etc. It is noteworthy that the number in the extension might differ depending on Colony's variant.

Once the encryption process was completed, Colony ransomware created ransom notes in a full-screen message displayed before the user log-in screen, desktop wallpaper, and text file titled "#Read-for-recovery.txt".

What is Victualry.app?

We have tested Victualry.app and found that it has traits of adware. Once installed, Victualry.app delivers annoying advertisements. Additionally, we discovered that Victualry.app belongs to the Pirrit family. It is highly advisable not to install such apps and uninstall them if they are already present.

What kind of page is plaucratertleed[.]com?

Our team has reviewed plaucratertleed[.]com and discovered that its purpose is to receive permission to show notifications using a deceptive technique known as clickbait. As a rule, sites like plaucratertleed[.]com deliver unreliable notifications. Thus, they should not be permitted to send notifications.

What kind of page is news-xonaro[.]cc?

Our analysis has shown that news-xonaro[.]cc is one of the deceptive websites created to lure visitors into agreeing to receive their notifications. Like most of these sites, news-xonaro[.]cc uses clickbait to obtain permission to send notifications. It is highly advisable to avoid visiting sites like news-xonaro[.]cc.

What kind of page is ourhypespot[.]com?

While browsing untrustworthy sites, our researchers found ourhypespot[.]com. This rogue page endorses spam browser notifications and redirects visitors to other (likely unreliable/harmful) websites.

Most users enter webpages like ourhypespot[.]com through redirects caused by sites using rogue advertising networks. However, these pages are also promoted by intrusive ads, spam notifications, typosquatting (mistyped URLs), and adware.

What kind of page is ourcommonnewz[.]com?

Ourcommonnewz[.]com is the address of a rogue webpage discovered by our research team during a routine investigation of dubious sites. This page is designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/hazardous) websites.

The majority of users access ourcommonnewz[.]com and webpages akin to it via redirects generated by sites that employ rogue advertising networks.

What kind of page is news-yanuhi[.]com?

Our researchers discovered news-yanuhi[.]com while inspecting suspect sites. After investigating this rogue page, we determined that it endorses browser notification spam and redirects visitors to different (likely unreliable/harmful) websites.

Users mainly access news-yanuhi[.]com and similar webpages via redirects caused by sites that employ rogue advertising networks.

What kind of malware is SpyAgent?

SpyAgent is a malicious program targeting Android devices. This malware has several data-stealing functionalities, which have been used to steal cryptocurrency wallets. SpyAgent infiltrates systems under the guise of legitimate or innocent-sounding applications; close to 300 fake apps were discovered.

Since January 2024, this malware has been used to target Korean users. However, an expansion to new territories is being observed at the time of writing. SpyAgent is widely proliferated via phishing campaigns, specifically – spam SMSes (smishing) and DMs/PMs (direct/private messages).