Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "DHL Shipment Details"?

"DHL Shipment Details" refers to a fake email using the name of DHL - courier and deliver company - for nefarious purposes. It must be emphasized that this letter is in no way associated with either DHL or Deutsche Post. After analyzing this email, we have determined that it operates as a phishing scam. This spam mail targets email account log-in credentials by tricking recipients into entering them into a phishing file.

What kind of page is datingtorrid[.]top?

Datingtorrid[.]top is a rogue site that our research team discovered through a scam email promoting it. This page is designed to push spam browser notifications and redirect visitors to untrustworthy/harmful websites.

Rogue webpages can also be accessed via mistyped URLs or redirects generated by spam notifications, intrusive ads, sites that use deceptive advertising networks, or installed adware.

What kind of software is CryptoTab Browser?

CryptoTab Browser is the name of a Chromium-based browser. Its official page states that it is a lightweight browser that mines cryptocurrency. After examining the app, we found that it promotes cleanbrowser.network, a fake search engine.

What kind of scam is "Signed In To From A New Windows Device"?

Our team has examined this email and learned that it cannot be trusted. Scammers behind it attempt to trick recipients into believing that someone has signed into their Outlook accounts. Their goal is to obtain login credentials through the provided website.

What kind of malware is Snick?

Snick is ransomware that belongs to Makop family. Our team has discovered it while examining the malware samples submitted to VirusTotal. We found that Snick encrypts files and modifies their filenames, and creates the "readme-warning.txt" text file containing a ransom note.

Snick ransomware renames files by appending a string of random characters, snick0222@goat.si email address, and the ".snick" extension. For example, it renames "1.jpg" to "1.jpg.[87C29B86].[snick0222@goat.si].snick", "2.png" to "2.png.[87C29B86].[snick0222@goat.si].snick", and so forth.

What kind of software is KernelReproduce?

KernelReproduce is the name of an application that our team has discovered while studying the samples submitted to VirusTotal. After testing the app, we have found that KernelReproduce operates as adware - it generates advertisements. Usually, apps like KernelReproduce are distributed using questionable (deceptive) methods.

What is Bloom adware?

Bloom is a piece of advertising-supported software (adware), which our research team discovered while inspecting shady download pages. We have also noted that this application is practically identical to Tone adware.

What kind of malware is XRED?

XRED is ransomware that encrypts files (makes them unusable), creates the "read_it.txt" file, changes the desktop wallpaper, and appends four random characters to filenames. Our malware researchers have discovered this ransomware while examining the samples submitted to VirusTotal.

An example of how XRED modifies filenames: it renames "1.jpg" to "1.jpg.3f2a", "2.png" to "2.png.pu9o", and so forth. The text file created by XRED contains a ransom note.

What is Plus Darker?

Plus Darker is a browser extension advertised as a tool capable of enabling dark mode for simple websites. We have determined that this piece of software operates as a browser hijacker. Plus Darker changes browser settings to promote the getsins.com fake search engine, and it spies on users' browsing activity.

What kind of malware is DIKE?

DIKE is ransomware that cybercriminals use to blackmail victims. It encrypts files and generates "info.hta" and "info.txt" files that contain ransom notes. We have discovered DIKE while checking VirusTotal for submitted malware samples. It was found that DIKE is part of the Phobos ransomware family.

Additionally, DIKE renames encrypted files by appending the victim's ID, taoshan@privatemail.com email address, and ".DIKE" (extension) to filenames. For example, it renames "1.jpg" to "1.jpg.id[9ECFA84E-3316].[taoshan@privatemail.com].DIKE", "2.jpg" to "2.jpg.id[9ECFA84E-3316].[taoshan@privatemail.com].DIKE".