Virus and Spyware Removal Guides, uninstall instructions

What is re-captha-version?

Upon examination, we have identified that re-captha-version comprises a collection of domains featuring numerical variations within their URLs. For instance, re-captha-version-2-11[.]top and re-captha-version-2-13[.]top exemplify this pattern. Additionally, the top level domains also differ. Examples include .top, .icu, .buzz, .com and .fun. The primary objective across all these sites is to deceive visitors into consenting to receive notifications.

What kind of application is CapraHircus?

Upon thorough scrutiny, it has been established that the CapraHircus application is unreliable and has the potential to inflict various harms on users. CapraHircus can access a wide range of data, manipulate extensions and themes, and activate the "Managed by your organization" feature in Chrome and Edge browsers.

What kind of page is nvideas[.]site?

While inspecting suspect websites, our researchers discovered the nvideas[.]site rogue page. It operates by promoting browser notification spam and redirecting users to different (likely unreliable/malicious) sites.

Most visitors to pages like nvideas[.]site enter them through redirects generated by websites that employ rogue advertising networks.

What kind of page is antivirusapp[.]space?

Antivirusapp[.]space is the address of a rogue webpage. It is designed to promote scams and browser notification spam. Furthermore, this page can redirect users to other (likely untrustworthy/harmful) sites.

The majority of visitors to such webpages access them via redirects caused by websites that use rogue advertising networks. Our research team discovered antivirusapp[.]space while reviewing pages that utilize said networks.

What kind of application is SmartCharacter?

While investigating new file submissions to the VirusTotal website, our researchers discovered the SmartCharacter app. It is classed as advertising-supported software (adware). SmartCharacter is part of the AdLoad malware family. This application is designed to feed users with unwanted and potentially malicious ads.

What is "U.S. Securities And Exchange Commission"?

After a review, it has been established that this is a classic technical support scam. In this scheme, deceptive pop-ups appear on a fraudulent page with the intention of misleading visitors into taking specific actions. These actions are geared towards coercing users into engaging in activities that benefit scammers.

What kind of page is bestpenad[.]com?

Our researchers found the bestpenad[.]com rogue page during a routine investigation of suspicious websites. Upon inspection, we determined that this webpage promotes browser notification spam and redirects users to other (likely dubious/malicious) sites.

Most visitors to bestpenad[.]com and similar pages enter them through redirects caused by websites that employ rogue advertising networks. Alternate access points could be redirects from spam notifications, intrusive ads, or installed adware.

What kind of email is "Adobe Scan"?

After investigating this "Adobe Scan" email, we determined that it is spam. The letter makes false claims regarding a document scanned using the Adobe Scan scanner app and sent to the recipient. The goal of this phishing mail is to deceive users into disclosing their email account log-in credentials.

What kind of malware is TrickMo?

The TrickMo banking Trojan, initially spotted in 2019, has resurfaced with enhanced features in 2023. The latest version uses JsonPacker for code concealment and introduces 45 commands, including screen content theft and overlay attacks for credential harvesting. Victims should remove this malware from infected Android devices immediately.

What kind of malware is GrafGrafel?

While investigating new submissions to the VirusTotal website, our research team discovered the GrafGrafel malicious program. It is part of the Phobos ransomware family. Malware within this classification encrypts data and demands ransoms for its decryption.

After we executed a sample of GrafGrafel on our test machine, it encrypted files and altered their filenames. Original titles were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".GrafGrafel" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3511].[GrafGrafel@tutanota.com].GrafGrafel" following encryption.

After this process was completed, ransom notes were created/displayed in a pop-up ("info.hta) and text files ("info.txt"), the latter were dropped in encrypted directories and on the desktop. Judging from the messages therein, it is evident that GrafGrafel targets companies instead of home users. Additionally, it uses double extortion tactics.