Virus and Spyware Removal Guides, uninstall instructions

What is the McAfee: SECURITY ALERT pop-up scam?

We have encountered the "McAfee: SECURITY ALERT" fake virus notification displayed by a deceptive website while visiting other pages that use rogue advertising networks. This scam is similar to many other scams that our team has discovered before. Websites of this type (fake notifications displayed by them) must be ignored.

What kind of page is bestfaustcaptcha[.]top?

Our researchers found bestfaustcaptcha[.]top when analyzing shady websites. This page is a typical example of browser notification spam promotion. In addition to pushing its notifications, bestfaustcaptcha[.]top can redirect visitors to other questionable/malicious sites.

We accessed this webpage through another that uses rogue advertising networks; it is the most likely entry point to sites like bestfaustcaptcha[.]top. Other ways to enter them include mistyped URLs, redirects caused by browser notifications/ intrusive ads or by installed harmful software.

What kind of software is Security Suite?

We have found the Security Suite adware while checking shady websites (Security Suite has an official download website too). We examined the deceptive page promoting Security Suite and noticed that it displays a fake message disguised as a notification from the Chrome browser. That message claims that Security Suite will block online ads.

What kind of malware is Polizia Di Stato?

Polizia Di Stato is the ransomware that we discovered while analyzing samples submitted to VirusTotal. While testing this ransomware variant, we have learned that it encrypts files, appends the ".polizia" extension to filenames (for instance, renames "1.jpg" to "1.jpg.polizia", "2.jpg" to "2.jpg.polizia").

Also, Polizia Di Stato creates the "POLIZIA_DI_STATO.txt" file (a ransom note) and an image with two police officers. Cybercriminals behind this ransomware pretend to be state police officers to scare victims into paying a ransom. No police would ever attack computers with ransomware.

What is Test Certificate?

After installing this suspicious browser extension, our researchers classified Test Certificate as adware. While this piece of software claims to provide the service of easy website verification, it operates by running intrusive advertisement campaigns instead. Our research also revealed that Test Certificate spies on users' browsing activity.

What kind of page is louses[.]net?

Louses[.]net is a deceptive website that has been discovered by our malware researchers while visiting several torrent sites and illegal video streaming websites. At the time of the research, louses[.]net displayed a fake CAPTCHA and redirected to a virtually identical page (maxy-tax[.]com).

What kind of page is windows-secureit[.]com?

During a routine exploration of questionable websites, our researchers detected windows-secureit[.]com - a page that promotes the "McAfee - Your PC is infected with 5 viruses!" scam. This site also pushes its browser notifications and can redirect visitors to other unreliable/malicious webpages.

Typically, websites like windows-secureit[.]com are accessed through redirects caused by other pages that use rogue advertising networks.

What kind of application is PreviewInteractive?

PreviewInteractive is the name of adware that we have discovered on a deceptive website that displayed a fake notification suggesting that Adobe Flash Player is out of date. Once we executed a fake installer, it installed PreviewInteractive - an application that started displaying unwanted ads and hijacked a web browser.

What kind of page is topraw[.]net?

Our researchers identified a new address - topraw[.]net - used for browser notification spam. At the time of research, this site pushed its notifications and promoted other untrustworthy/malicious websites. Pages of this kind are typically accessed via others that use rogue advertising networks, which is how we detected topraw[.]net as well.

What is WhisperGate ransomware?

First analyzed by Microsoft Threat Intelligence Center (MSTIC), WhisperGate was detected on January 13, 2022. According to MSTIC's report, this malware was released explicitly against various Ukrainian organizations in geopolitically-motivated attacks.

WhisperGate is a ransomware-type program. Usually, malicious software within this classification locks the infected device's screen (screenlocker) and/or encrypts files - to demand ransoms for the access recovery/ decryption. However, MSTIC noted that WhisperGate operates in a destructive manner and has no functionality that would enable recovery. Having also analyzed WhisperGate, our researchers agree with this consensus.