Virus and Spyware Removal Guides, uninstall instructions

What kind of page is defender-scanner[.]com?

We have discovered the defender-scanner[.]com website while examining various illegal streaming, torrent, and similar sites that use questionable advertising networks. We learned that defender-scanner[.]com is a deceptive website used to collect illegitimate commissions. It also asks for permission to show notifications.

What kind of malware is Putinwillburninhell?

Putinwillburninhell is ransomware that was discovered by MalwareHunterTeam. This piece of malware encrypts files and appends the ".putinwillburninhell" extension to their filenames. For instance, it renames "1.jpg" to "1.jpg.putinwillburninhell", "2.png" to "2.png.putinwillburninhell". Also, it creates a file named "RUSSKIJ VOENNIJ KORABL IDI NA**J.html".

What kind of page is news-cihumo[.]cc?

News-cihumo[.]cc is a rogue website our researchers discovered while inspecting untrustworthy sites. This page operates by loading questionable content, pushing browser notification spam, and redirecting visitors to other (likely unreliable and harmful) websites. Most users enter webpages like news-cihumo[.]cc via redirects caused by sites that use rogue advertising networks.

What is cleanHistory?

Our researchers discovered the cleanHistory browser extension while inspecting dubious download webpages. Following our analysis, we learned that this piece of software operates as a browser hijacker. It modifies browser settings in order to promote the cleanhistory.xyz fake search engine. Additionally, this extension spies on users' browsing activity.

What is MyZen Tab?

MyZen Tab is a browser extension that our researchers discovered while inspecting dubious download webpages. In vague terms, MyZen Tab's promotional material describes it as a new browser tab customization tool. After analyzing this piece of software, we determined that it operates as a browser hijacker. This extension modifies browser settings and promotes the search.myzentab.com fake search engine.

What is "HTML/Phishing"?

"HTML/Phishing" refers to HTML-based content primarily used for phishing. HTML stands for HyperText Markup Language - a language for content designed to be displayed on a Web browser. Phishing is a scam in which victims are tricked into disclosing sensitive information. However, material classified as "HTML/Phishing" may not operate as phishing does. It must be mentioned that "HTML/Phishing" or similar variations are also used as detection names by some anti-virus programs.

The main distribution method of "HTML/Phishing" is spam mail. Although, files within this classification may also be downloaded from other dubious sources. It is noteworthy that HTML-based content used for general fraudulent purposes is categorized as "HTML/Fraud".

What is "HTML/Fraud"?

HyperText Markup Language (HTML) is a content language for Internet browser display. Hence, "HTML/Fraud" refers to HTML-based content used for fraudulent purposes. Additionally, "HTML/Fraud" or similar variations are used by some anti-virus programs as detection names.

This term encompasses a wide variety of deceptive material, the purpose of which is to gain and subsequently abuse users' trust. "HTML/Fraud" is often used in phishing and other assorted online scams. It can be encountered through rogue websites and spam emails.

What kind of scam is "Collab Land" pop-up scam?

Our team has discovered this scam while examining reported online scams (this one was first reported by Mich). We learned that scammers behind it attempt to steal cryptocurrency wallets (obtain login credentials used to access them). They promote this scam by wriging private messages on Discord (and possibly other channels).

What kind of malware is Pandora?

Pandora (a rebranded version of Rook ransomware) is the name of ransomware that was discovered by MalwareHunterTeam. After analyzing the sample submitted to VirusTotal, our malware researchers found that Pandora encrypts files and appends ".pandora" extension to filenames. It provides a ransom note in the "Restore_My_Files.txt" file.

An example of how Pandora modifies filenames: it renames "1.jpg" to "1.jpg.pandora", "2.png" to "2.png.pandora", "3.exe" to "3.exe.pandora", and so forth.

What kind of malware is JS/Agent Trojan?

JS/Agent Trojan is a detection name for malicious JavaScript files. Typically, such files (malicious codes) are distributed by injecting them into legitimate websites. Computers get infected after a malicious (or legitimate but compromised) website is visited, and a malicious file is dropped.