Virus and Spyware Removal Guides, uninstall instructions

What kind of page is flisshop[.]club?

During our examination of flisshop[.]club, we found that this page uses a deceptive technique to lure visitors into accepting its notifications. Users often land on websites like flisshop[.]club inadvertently. If encountered, flisshop[.]club should be closed and not permitted to send notifications.

What kind of page is news-guhore[.]com?

Our researchers discovered news-guhore[.]com while browsing dubious websites. After inspecting this rogue page, we determined that it endorses browser notification spam and generates redirects to other (likely unreliable/dangerous) sites.

Most visitors enter webpages like news-guhore[.]com via redirects caused by websites utilizing rogue advertising networks.

What kind of page is news-gexico[.]com?

News-gexico[.]com is a rogue webpage discovered by our research team during a routine investigation of suspect sites. This page is designed to promote browser notification spam and redirect users to other (likely untrustworthy/harmful) websites.

Webpages like news-gexico[.]com are most commonly accessed via redirects caused by sites that utilize rogue advertising networks.

What kind of extension is SearchPlus?

While testing SearchPlus, we noticed that this extension has traits of a browser hijacker. Upon adding SearchPlus to a browser, the extension changes certain settings to promote a fake search engine. Users should avoid SearchPlus and similar extensions. If SearchPlus is already added, it should be removed.

What kind of software is FastFind?

Our research team discovered the FastFind browser extension while investigating a rogue installer. This software modifies browser settings and produces redirects. Due to this behavior, FastFind is classed as a browser hijacker.

What kind of page is thissrmadsme[.]org?

While examining thissrmadsme[.]org, we noticed that it uses clickbait to receive permission to send notifications. Deceptive websites like thissrmadsme[.]org (and their notifications) can expose users to various risks. Thu, thissrmadsme[.]org should be avoided and not allowed to send notifications.

What is "Claim Base Dawgz"?

Our analysis of the page (basedawgz-claims.pages[.]dev) has shown that it is a scam website. The scammers behind this site aim to trick individuals into believing they are on a legitimate crypto platform. Their goal is to steal cryptocurrency. Thus, basedawgz-claims.pages[.]dev should not be trusted.

What kind of email is "Is Visiting A More Convenient Way To Reach"?

After reading the "Is Visiting A More Convenient Way To Reach" email, we determined that it is spam. This mail promotes a sextortion scam.

The email claims that the sender has infected the recipient's smartphone and was monitoring them. In addition to obtaining sensitive data, the sender supposedly filmed a sexually explicit video of the recipient. They threaten to leak it if they are not paid.

It must be emphasized that all the claims made by this spam mail are false. Therefore, it poses no threat to the recipients.

What kind of malware is Cicada 3301?

Cicada 3301 is a ransomware that emerged in the summer of 2024. It is offered as Ransomware-as-a-Service (RaaS) – a cyber-crime business model wherein access to ransomware and associated infrastructure is provided to paying affiliates. Cicada 3301 is written in the Rust programming language. Ransomware is designed to encrypt files and demand ransoms for the decryption.

Cicada 3301 encrypts data using the ChaCha20 cryptographic algorithm (symmetric cryptography). The filenames of affected files are appended with an extension comprising seven random characters, e.g., a file initially titled "1.jpg" appeared as "1.jpg.f11a46a1" on our testing system.

After the encryption process is finished, Cicada 3301 drops a ransom note in a text file named "RESTORE-[file_extension]-DATA.txt".

What kind of malware is C*nt?

While reviewing malware submitted to the VirusTotal platform, our researchers found the C*nt ransomware (the asterisk stands for the letter "u"; thus, the name of this program will be censored throughout this article). The malware encrypts data and demands ransoms for its decryption. C*nt is part of the Dharma ransomware family.

On our testing system, this program encrypted files and modified their filenames. Original titles were appended with a unique ID assigned to the victim, the attackers' email (censored with asterisks in the article), and a ".c*nt" extension. For example, a file named "1.jpg" looked like "1.jpg.id-9ECFA84E.[d**kdriver777@cock.li].c*nt".

After the encryption process was finished, the ransomware created ransom-demanding messages in a pop-up window and a text file titled "info.txt".