Virus and Spyware Removal Guides, uninstall instructions

What kind of page is gr4phic-4rt[.]xyz?

During a routine inspection of rogue websites, our research team discovered gr4phic-4rt[.]xyz - a page designed to host deceptive content, push browser notification spam, and redirect visitors to other untrustworthy/malicious sites. Most users enter webpages of this kind via redirects caused by sites using rogue advertising networks.

What kind of malware is Cantopen?

Our malware researchers have discovered the Cantopen ransomware while checking the samples submitted to VirusTotal. After analyzing this ransomware, we have learned that it appends the ".cantopen" extension to filenames of all encrypted files and creates the "HELP_DECRYPT_YOUR_FILES.txt" text file (a ransom note).

An example of how Cantopen renames files: it renames "1.jpg" to "1.jpg.cantopen", "document.txt" to "document.txt.cantopen".

What kind of page is news-heceye[.]cc?

News-heceye[.]cc is a rogue website our researchers discovered while inspecting untrustworthy pages. This webpage is designed to load questionable material, promote browser notification spam, and redirect visitors to other unreliable/malicious sites.

Most visitors to news-heceye[.]cc and similar websites access them via other pages that employ rogue advertising networks.

What kind of page is system-dating[.]top?

We have discovered the system-dating[.]top site after receiving a shady email. Our team has examined system-dating[.]top and found that it is designed to trick visitors into agreeing to receive notifications. Additionally, it can open adult pages and other potentially malicious sites.

What is Tor (Paradise) ransomware?

Discovered during a routine inspection of VirusTotal submissions, Tor is a ransomware-type program. Our researchers have determined that it belongs to the Paradise malware family.

Once launched on our test system, Tor began encrypting files and appending their filenames with a "_decryptor_{victim's_ID}.tor" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg_decryptor_{vTI2ib}.tor" after encryption.

Following the completion of this process, a ransom note named "---==%$$$OPEN_ME_UP$$$==---.txt" - was created on the desktop.

What kind of email "We Receive Another Bank Information"?

We have examined this email and found that it is disguised as a letter from an unspecified bank regarding changes in bank account information. It also has a malicious archive file attached to it. After examining the attachment, we learned that it is used to trick recipients into executing NanoCore - a Remote Administration Trojan (RAT).

What is LauncherRecord?

LauncherRecord is yet another adware-type application belonging to the AdLoad malware family, which our researchers discovered while inspecting new submissions to VirusTotal. This app is designed to run intrusive advertisement campaigns, and it may have other harmful abilities.

What kind of page is safetyfirst[.]cfd?

Safetyfirst[.]cfd is a deceptive website designed to trick visitors into believing that their computers are at risk/infected with viruses and agreeing to receive notifications. We discovered safetyfirst[.]cfd while examining pages (such as torrent sites and illegal movie streaming sites) that use shady advertising networks.

What kind of application is OriginInput?

Our team has discovered the OriginInput while examining shady websites that display deceptive content to trick visitors into downloading questionable applications. After installation, OriginInput started to display unwanted advertisements. Thus, we have concluded that OriginInput is typical adware.

What is the "I have been watching you" email?

"I have been watching you" is a spam email our researchers have classified as a sextortion scam. This letter falsely claims that there is proof of the recipient's infidelity and threatens to leak it - unless a payment is made. It must be emphasized that this mail is merely a scam, and none of its claims are true.