Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Ghostly?

Discovered by Yogesh Londhe, Ghostly is a piece of malicious software classified as a stealer. As the classification implies, this malware extracts and exfiltrates vulnerable information from infected machines. Targeted data and how it is abused depends on the stealer's design and the attackers' modus operandi.

What kind of scam is "Switch To New Server"?

We have examined the email and learned that it is a phishing email disguised as a letter from an email service provider. Scammers crafted this email to extract personal information from unsuspecting recipients. Whoever receives this or a similar email should ignore it to avoid potential harm.

What is the x-finder.pro website?

X-finder.pro is the address of a fake search engine promoted by the "X-Finder. Search" browser hijacker. This extension modifies browser settings to generate redirects that can land on different sites. X-Finder. Search has been observed being proliferated by the CrackedCantil dropper malware.

What kind of malware is Dracula?

Discovered by @g0njxa, Dracula is a type of malware designed to infiltrate computers and steal sensitive information. Typically, threat actors use such malware to steal data that can be exploited for various malicious purposes, including identity theft and financial fraud. Victims should immediately eliminate this malware from compromised systems.

What kind of program is MoaNesiotis?

We have inspected the MoaNesiotis browser extension and discovered that it can enable the "Managed by your organization" feature, read various information, and manage certain components within affected browsers. Also, MoaNesiotis is distributed using unreliable sites. Thus, users should avoid adding MoaNesiotis to browsers.

What kind of malware is Shadow?

Shadow (Ran_jr_som) is a ransomware variant we discovered while analyzing malware samples submitted to VirusTotal. Upon infiltration, Shadow encrypts data and appends the ".Shadow" extension to filenames (sometimes it appends this extension twice). Additionally, this ransomware creates a ransom note ("readme.txt" file).

An example of how Shadow renames files: it changes "1.jpg" to "1.jpg.Shadow" (or "1.jpg.Shadow.Shadow"), "2.png" to "2.png.Shadow" (or "2.png.Shadow.Shadow"), and so forth.

What kind of application is GrowthStyle?

When examining the GrowthStyle app, we noted that it bombards users with intrusive advertisements promoting questionable and potentially malicious websites. Thus, we classified GrowthStyle as adware. It is common for software of this type to be distributed using deceptive strategies and installed by users inadvertently.

What kind of page is phoureel[.]com?

While inspecting questionable sites, our research team found the phoureel[.]com rogue webpage. After investigating it, we determined that this page promotes browser notification spam and redirects users to other (likely unreliable/malicious) websites.

The majority of visitors to phoureel[.]com and similar webpages enter them via redirects caused by sites utilizing rogue advertising networks.

What kind of page is onehortensia[.]com?

While reviewing dubious websites, our research team discovered the onehortensia.com rogue page. It endorses spam browser notifications and redirects visitors to different (likely untrustworthy/hazardous) sites.

Webpages like onehortensia[.]com are most commonly accessed via redirects caused by websites that employ rogue advertising networks.

What kind of email is "Agreement Update"?

"Agreement Update" is a phishing email. This spam letter is disguised as a notification regarding an update to terms of service. The goal of this deception is to lure recipients into visiting a phishing website that targets log-in credentials. Email passwords entered into this page can enable scammers to steal the exposed accounts.