Virus and Spyware Removal Guides, uninstall instructions

What kind of application is NeverSleep?

While browsing deceptive websites, our research team discovered a page endorsing the NeverSleep app. It is presented as a tool for preventing computers from entering sleep mode. Upon inspection, we determined that NeverSleep is a PUA (Potentially Unwanted Application).

Software within this classification usually possesses harmful capabilities. The NeverSleep installer we analyzed also installed the NewEngine browser hijacker.

What kind of scam is "Verify You Are A Human (CAPTCHA)"?

Our research team discovered the "Verify You Are A Human" scam while investigating untrustworthy sites. It is essentially fake CAPTCHA authentication. This scheme is part of the ClickFix campaign and lures users into downloading/installing the Lumma stealer.

However, this scam and others that use hoax human verification tests can proliferate other malware. Additionally, they are widely used to promote browser notification spam and to advertise likely dubious/malicious content.

What kind of malware is Spy.Banker?

Spy.Banker is a piece of malicious software that targets Android and iOS devices. It is capable of creating app imitations through PWAs (Progressive Web Applications) or WebAPKs; the latter is an Android-only feature wherein Google Chrome automatically generates an APK (referred to as WebAPK).

At the time of writing, Spy.Banker malware has been used exclusively to impersonate banking applications. Known campaigns targeted customers of Czech, Georgian, and Hungarian banks. It is speculated that two different threat actors are behind Spy.Banker campaigns.

What kind of scam is "WARNING: Antivirus Protection EXPIRED!"?

We have inspected this scam and found that its purpose is to trick users into believing that their antivirus protection has expired. Typically, scammers use such scams to extract money or personal information from unsuspecting individuals. Thus, it is highly recommended not to interact with websites hosting such scams.

What kind of malware is Cthulhu?

Cthulhu is an information stealer written in the the Go programming language and designed to appear as a legitimate application. Its primary purpose is to extract credentials and cryptocurrency wallets from various stores and game accounts. The stealer seems to be available for rent to individuals at a rate of $500 per month.

What kind of page is hunforandiogs[.]com?

Hunforandiogs[.]com is a rogue page that promotes browser notification spam and redirects visitors to other (likely unreliable/dangerous) websites.

Webpages like hunforandiogs[.]com are most often accessed via redirects caused by sites utilizing rogue advertising networks. Our research team discovered this page while inspecting websites that use such networks.

What kind of email is "IMAP/POP3 TIME-OUT"?

After inspecting the "IMAP/POP3 TIME-OUT" email, we determined that it is spam. The message falsely claims that the recipient's email service has been temporarily restricted due to an error. This lure is used to deceive recipients into disclosing their email account log-in credentials to a phishing website.

What kind of page is protectkingdom[.]com?

Our analysis of protectkingdom[.]com has shown that it is a misleading website created to trick visitors into permitting it to send notifications. Protectkingdom[.]com and similar sites should not be allowed to show notifications, as their notifications often are fraudulent. It is worth noting that users rarely access such websites on purpose.

What is "Giving While Living"?

We have inspected this email and determined that it is a scam. The purpose of this scam email is to extract personal information and (or) money from recipients. Whoever receives such emails should ignore them and never provide any information or take other actions.

What kind of malware is Dice?

Dice is ransomware that we discovered while examining malware samples uploaded to VirusTotal. Our analysis has shown that Dice encrypts files, appends its extension (".dice") to filenames, and creates a ransom note ("readme.txt"). An example of how files encrypted by Dice are renamed is "1.jpg" being changed to "1.jpg.dice", "2.png" to "2.png.dice", and so on.