Virus and Spyware Removal Guides, uninstall instructions

What kind of application is CrocutaCrocuta?

Upon testing, it has become apparent that CrocutaCrocuta is a malicious extension capable of reading data on all websites, enabling the "Managed your organization" feature, and performing other actions within Chrome (and Edge) browsers. CrocutaCrocuta has been discovered after obtaining a malicious installer from a shady website.

What kind of application is OptimizationSquare?

OptimizationSquare is a rogue app that we discovered during a routine review of new submissions to the VirusTotal website. After analyzing this application, we determined that it is advertising-supported software (adware). OptimizationSquare is part of the AdLoad malware family.

What kind of scam is "You've Got Mail"?

We have identified this email as a fraudulent scheme orchestrated by scammers seeking to acquire personal information from recipients. These deceptive emails are widely recognized as phishing attempts. In this case, the scammers masquerade as an email service provider to extract information.

What kind of email is "FedEx - Delivery Of The Suspended Package"?

After examining the "FedEx - Delivery Of The Suspended Package" email, we determined that it is spam. This fake letter states that the recipient has a pending package delivery.

It must be stressed that the information provided by this phishing email is false, and this mail is in no way associated with FedEx or any other legitimate service providers.

What is "Mailbox Storage Re-validation"?

We have determined that this email is a fraudulent attempt by scammers to obtain personal information from recipients. Such emails are commonly known as phishing emails. In this instance, scammers pose as an email service provider to entice recipients into revealing their information on a phishing page.

What kind of malware is BlackLegion?

BlackLegion is ransomware that restricts access to files by encrypting them. Victims cannot open encrypted files without decrypting them. Additionally, BlackLegion creates a ransom note ("DecryptNote.txt") and renames files by appending a string of random characters, an email address, and the ".BlackLegion" extension.

An illustration of how BlackLegion modifies filenames: it changes "1.jpg" to "1.jpg.[34213633].[BlackLegion@zohomail.eu].BlackLegion", "2.png" to "2.png.[34213633].[BlackLegion@zohomail.eu].BlackLegion", and so forth.

What kind of application is ConnectedServer?

Based on our analysis, it has been determined that ConnectedServer is adware. ConnectedServer bombards users with annoying advertisements. Additionally, it possesses the potential to gather diverse data. Typically, applications like ConnectedServer are promoted and disseminated through deceptive methods, such as misleading websites.

What is "DHL Shipping Invoice"?

Upon meticulous examination, it has been identified that this email is a typical phishing attempt. Perpetrators orchestrating this phishing campaign masquerade as DHL, a reputable logistics company specializing in courier, package delivery, and express mail services. Their objective is to deceive recipients into divulging sensitive information through a fraudulent website.

What kind of malware is the Iranian banking trojan?

Iranian banking trojan refers to an Android-specific malware targeting the customers of multiple Iranian banks. The first campaigns involving this trojan were observed back in December of 2022. While having undergone several iterations, these campaigns are still active as of the time of writing.

The initial volley comprised 40 malicious apps used as a guise for this trojan, but this operation has expanded to another 250. The primary goal of this malware is to obtain banking-related information, yet the newest variants have broadened their horizons to include cryptocurrency wallets.

What kind of application is AdminLibrary?

Our research team discovered the AdminLibrary rogue app while investigating new submissions to the VirusTotal website. Upon inspection, we identified this application as adware belonging to the AdLoad malware family. AdminLibrary operates by running intrusive advertisement campaigns.