Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is CookiesHelper?

CookiesHelper is ransomware that we discovered during inspection of malware samples submitted to VirusTotal. CookiesHelper is created to encrypt files and provide a ransom note ("FILE RECOVERY.txt") containing instructions on how to contact cybercriminals and other details. Also, CookiesHelper adds the ".cookieshelper" extension to filenames.

For instance, it renames "1.jpg" to "1.jpg.cookieshelper", "2.png" to "2.png.cookieshelper", and so forth.

What kind of application is CommonValue?

Upon examination, it has been determined that CommonValue exhibits characteristics typical of adware. When in operation, it presents users with irritating advertisements. Furthermore, this application may be crafted to collect diverse information. It is noteworthy to highlight that a majority of applications akin to CommonValue are promoted through deceptive methods.

What kind of email is "Payroll Sheet"?

Upon reviewing the "Payroll Sheet" email, we determined that it is spam. The letter claims to include access to a payroll sheet, which the recipient is requested to review and approve. However, by attempting to do so – the user is redirected to a phishing website that targets email account log-in credentials.

What kind of scam is "PonDX"?

The "PonDX" scam imitates the legitimate platform of the same name and operates as a cryptocurrency drainer. After a victim connects their wallet through the fake website, the funds stored therein are drained.

What kind of scam is "Malicious Site Has Downloaded Infected Files To Your PC"?

While investigating suspicious sites, our research team discovered the "Malicious Site Has Downloaded Infected Files To Your PC" scam. The purpose of this scheme is to trick users into thinking that virulent files have been downloaded onto their devices. In most cases, scams of this kind are utilized to promote untrustworthy and harmful software.

What kind of page is desktopleads[.]info?

We have determined that desktopleads[.]info is one of the numerous deceptive sites designed to trick visitors into thinking that their computers are infected. Also, desktopleads[.]info wants to show notifications. Typically, users open sites like desktopleads[.]info unintentionally. It is highly advisable not to trust such pages.

What kind of scam is "SingularityNET - AGIX"?

After inspecting "SingularityNET - AGIX", we determined that it is a scam. This scheme operates as a cryptocurrency drainer and imitates the official website of the SingularityNET (SNET) platform. The legitimate website's URL is singularitynet.io, while the discovered imitator's agix[.]re (other variations are not unlikely). Victims of this scam experience cryptocurrency theft.

What kind of application is Cumbha.app?

Our researchers found Cumbha.app while reviewing new file submissions to the VirusTotal website. After analyzing this application, we learned that it is adware from the Pirrit malware family. Cumbha.app is designed to feed users with undesirable and potentially malicious advertisements.

What kind of malware is Pings?

Pings is malware we discovered during an analysis of malware samples submitted to VirusTotal. It was found that Pings is ransomware designed to encrypt files, provide a ransom note ("FILE RECOVERY.txt"), and rename files (append the ".pings" extension to filenames). Pings is used to extort money from victims in return for data decryption.

An example of how files affected by Pings are renamed: "1.jpg" is changed to "1.jpg.pings", "2.png" to "2.png.pings", and so forth.

What kind of malware is Mango?

Mango ransomware is a malicious program discovered by our researchers during a routine inspection of new submissions to the VirusTotal platform. This malware is part of the Phobos ransomware family. Mango operates by encrypting files to demand payment for its decryption.

After we launched a sample of this ransomware on our test machine, it encrypted files and altered their filenames. Initial titles were appended with a unique ID assigned to the victim, the cyber criminal's email address, and a ".mango" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3316].[duckjahana@onionmail.com].mango".

Following the completion of the encryption process, two ransom notes were created. One was displayed in a pop-up window titled "info.hta", and another was a text file named "info.txt"; these files were dropped onto the desktop and into all encrypted directories.