Virus and Spyware Removal Guides, uninstall instructions

What is UpdaterWebPageEducate?

UpdaterWebPageEducate is an adware-type app that our researchers found when inspecting new submissions to VirusTotal. We have determined that this piece of software belongs to the AdLoad malware family.

What is the "Web Access for the 2022 version" email?

After analyzing the "Web Access for the 2022 version" email, our researchers determined that it is a phishing scam. This letter attempts to trick recipients into providing their email account log-in credentials to a phishing website, thereby allowing the scammers access/control over the account.

What kind of malware is ZOZL?

Our team has discovered the ZOZL ransomware while analyzing the samples submitted to VirusTotal. Our key findings are that ZOZL is part of the Phobos ransomware family and encrypts files, generates two ransom notes ("info.hta" and "info.txt"), and renames files.

An example of how ZOZL renames files (it appends the victim's ID, ops@mailc.net email address and the ".ZOZL" extension to filenames: it changes "1.jpg" to "1.jpg.id[9ECFA84E-3275].[ops@mailc.net].ZOZL", "2.jpg" to "2.jpg.id[9ECFA84E-3275].[ops@mailc.net].ZOZL".

What kind of application is PowerLane?

We have discovered the PowerLane application while visiting download pages for cracked software and pages displaying fake pop-ups. After examining PowerLane, we found that it is an advertising-supported application that can read browsing history and sensitive information from websites.

What is Shopping Guide?

Discovered by our team while researching deceptive websites, Shopping Guide is an adware-type browser extension. It promises to allow quick access to "the most popular e-commerce company". However, this extension delivers intrusive advertisement campaigns instead.

What kind of page is goldline-updates[.]com?

Goldline-updates[.]com is a rogue website promoting browser notification spam and capable of redirecting visitors to other untrustworthy/harmful pages.

We discovered this site while researching pages that use rogue advertising networks. Redirects caused by such webpages - are also how most users access websites like goldline-updates[.]com.

What is "YOUR GOOGLE HAS (4) CRITICAL VULNERABILITIES!"?

"YOUR GOOGLE HAS (4) CRITICAL VULNERABILITIES!" is a scam targeting Android users, which we discovered when researching rogue websites.

The scheme claims that the site visitor's device is infected and will be blocked - unless they install a "Google Chrome" application. We identified the piece of software spread by this scam as malicious. Based on the detections provided by VirusTotal, it is likely a banking trojan.

What kind of scam is "WALLET SYNCING"?

Our team has discovered this scam website while analyzing pages that use shady advertising networks. We have examined this page and concluded that it is disguised as a legitimate platform offering to synchronize cryptocurrency wallets with the blockchain. We also found that this site is flagged as a phishing page on VirusTotal at least by one security vendor.

What is the Medusa trojan?

Medusa is the name of a banking trojan that we have researched and analyzed a sample obtained from VirusTotal. This malware targets Android operating systems; it enables remote access control over infected devices and can extract a wide variety of vulnerable data from them.

Initially, Medusa was leveraged against financial organizations based in Turkey; however, its operations have spread to the United States, Canada, and Europe.

What kind of malware is Sncip?

Sncip is the name of ransomware that we have discovered while checking the VirusTotal page for recently submitted malware samples. Our team has tested Sncip and learned that it encrypts files and appends a string of random characters and the ".sncip" extension to their filenames. Also, it creates the "eauk_HOW_TO_DECRYPT.txt" file.

An example of how Sncip renames files: it changes "1.jpg" to "1.jpg.ynTca1SK21D-LM1Vd9xbHtELRrRBnYVkXLwJynRsec__LAAAACwAAAA0.sncip", "2.jpg" to "2.jpg.ynTca1SK21D-LM1Vd9xbHtELRrRBnYVkXLwJynRsec__LAAAACwAAAA0.sncip". The text file that Sncip creates contains a ransom note.