Virus and Spyware Removal Guides, uninstall instructions

What kind of page is basein[.]info?

Our analysis of basein[.]info has shown that the purpose of this web page is to receive permission to show notifications. To achieve this, basein[.]info uses clickbait (a deceptive method). Pages like basein[.]info should be avoided and not permitted to send notifications to avoid exposure to scams and other fraudulent schemes.

What kind of malware is Ior?

Our team discovered Ior while inspecting malware samples submitted to the VirusTotal web page. Ior is ransomware belonging to the Dharma family. It encrypts data, appends the victim's ID, jasalivan@420blaze.it email address, and the ".ior" extension to filenames, and provides two ransom notes (displays a pop-up window and creates a file named "manual.txt").

An example of how Ior renames files: it changes "1.jpg" to "1.jpg.id-9ECFA84E.[jasalivan@420blaze.it].ior", "2.png" to "2.png.id-9ECFA84E.[jasalivan@420blaze.it].ior", and so forth.

What kinf of scam is "$ETHFI Shared For Karak Users"?

We have inspected the page (karaketherfi.pages[.]dev) and found that it is fraudulent. It offers individuals to receive rewards as a lure. The goal is to trick them into taking actions that can result in substantial financial losses. Therefore, karaketherfi.pages[.]dev should not be trusted.

What kind of email is "Price And Delivery Time"?

After inspecting the "Price And Delivery Time" email, we determined that it is malspam. The purpose of this malicious spam is to deceive recipients into infecting their devices with malware by luring them with a supposed purchase order.

What is the fake "Mint StoneAi" website?

During a routine investigation, our research team discovered the "Mint StoneAi" scam as promoted on new.vedep[.]xyz (note that it could be hosted elsewhere). It lures users into exposing their digital wallets to a crypto drainer by promising an opportunity to mint (generate) StoneAi NFTs (Non-Fungible Tokens) for free.

Victims of this scheme experience financial loss. It must be stressed that this fake "Mint StoneAi" page is not associated with any existing platforms or entities.

What kind of malware is Voldemort?

Voldemort is the name of a backdoor-type malware. It is written in the C programming language. This malicious program has been around since at least the summer of 2024. It is suspected that Voldemort is used in cyber-espionage, potentially by an advanced threat actor.

This malware was proliferated in global mass-scale email spam campaigns. Large volume of the emails targeted organizations in the US, Europe, and Asia. This activity centered on a wide variety of spheres, with the largest number of targets specializing in insurance, aerospace, transportation, education, and finance.

What kind of scam is "SunToken Allocation"?

Upon inspection, we determined that the "SunToken Allocation" website (sunpumpswap[.]com) is deceptive. It claims to be distributing digital assets, and when users try to claim them – the cryptowallet connect options include platforms of ill-repute.

What kind of malware is Emansrepo?

Emansrepo is an information stealer that is delivered to potential victims via email. Once infiltrated, it extracts various personal information and sends it to the attackers. Victims of this stealer may suffer financial losses, privacy breaches, and other issues. Emansrepo should be removed from infected systems immediately.

What is "Restore IMAP/POP3"?

Our team has inspected this email and concluded that it is a phishing email. Its purpose is to trick recipients into opening a fake website and providing personal information on it. The email is disguised as a notification from an email service provider. Users should ignore such emails.

What kind of email is "Exceeding Your Free Data Volume"?

Upon inspection, we determined that the "Exceeding Your Free Data Volume" email is spam. It states that due the the mailbox data volume having been exceeded, the recipient may experience email service interruptions. This phishing mail aims to trick recipients into disclosing their email account log-in credentials.