Virus and Spyware Removal Guides, uninstall instructions

What kind of page is aucfuu[.]com?

Our team has discovered aucfuu[.]com while visiting websites (torrent, illegal movie streaming, and similar pages) that use questionable advertising networks. At the time of the research, aucfuu[.]com used a clickbait technique to get permission to show notifications and redirected to a shady website.

What kind of pages are video***.live?

While analyzing questionable sites, our research team discovered the video***.live websites. This webpage group includes many domains, e.g., videosol[.]space, videobtc[.]space, videofun[.]space, videoeth[.]space, videofan[.]space, videofon[.]space, videofen[.]space, etc.

These sites are designed to trick visitors into allowing them to display browser notifications. Furthermore, the websites redirect to one another so that they could gain as many notification-delivery permissions as possible. Sites of this type are usually accessed inadvertently, most commonly via other pages that employ rogue advertising networks.

What kind of application is one dark?

We have discovered the one dark application while inspecting browser notifications delivered by various questionable websites. Once we installed one dark, it hijacked a web browser by changing its settings. We have learned that one dark is a browser hijacker designed to promote yesjis.com - a fake search engine.

What is NetworkStructured?

Our researchers found NetworkStructured when looking through new submissions on VirusTotal. After analyzing this sample, we came to the conclusion that NetworkStructured is an adware belonging to the AdLoad malware family.

We have studied many adware-type applications from this malware group, and they often have browser hijacker features (though NetworkStructured did not exhibit such behavior at the time of research). And these apps tend to track data as well.

What is "Account version is outdated" email scam?

After receiving this email, our team has analyzed it and determined that this is a phishing email used to retrieve email account login credentials. Scammers behind it attempt to trick recipients into believing that their account is outdated and needs to be updated through the provided website link.

What kind of malware is Cip?

While analyzing the Cip ransomware sample, we found out that it belongs to the Dharma ransomware family. We also noticed that it encrypts files and appends the victim's ID, ciphercrypt@tuta.io] email address and the ".cip" extension to filenames. For example, it renames "1.jpg" to "1.jpg.cip", "document.txt" to "document.txt.cip".

Like most ransomware variants, Cip ransomware provides contact information (and other details regarding data recovery). It displays a pop-up window and creates the "info.txt" file containing ransom notes.

What is Clipboard Sync Beta?

We detected Clipboard Sync Beta when researching scam websites. This adware-type browser extension was promoted by the "Install the extension for Chrome to protect your privacy" scam.

This piece of software promises to sync clipboard data between two desktop devices; instead, it runs intrusive advert campaigns (displays ads).

What kind of page is important-incoming-news[.]com?

Important-incoming-news[.]com was detected by our research team during a routine inspection of suspicious webpages. This site is designed to push its browser notifications, and it can cause redirects to other untrustworthy/malicious pages. Websites akin to important-incoming-news[.]com are primarily accessed via ones using rogue advertising networks.

What is the "Install the extension for Chrome to protect your privacy" scam?

Our researchers encountered the "Install the extension for Chrome to protect your privacy" scam while inspecting browser notifications delivered by various questionable sites. Specifically, an ad delivered by important-incoming-news[.]com that promoted a website running the scam in question.

Typically, schemes of this kind are used to promote a wide variety of untrustworthy software like fake anti-viruses, adware, browser hijackers, and PUAs (Potentially Unwanted Applications). This scam endorsed the Clipboard Sync Beta adware at the time of research.

What is MTX ransomware?

When searching VirusTotal for new malware submissions, our researchers found yet another malicious program belonging to the Dharma ransomware family. This ransomware-type program is called MTX.

On our test system, this malware encrypted files and appended their titles a unique ID, the cyber criminals' email address, and a ".MTX" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id-9ECFA84E.[mtx88@onionmail.org].MTX".

Once the encryption was completed, MTX displayed a pop-up window and created a text file "info.txt" on the desktop - both contained ransom notes.