Step-by-Step Malware Removal Instructions

Mammon Ransomware
Ransomware

Mammon is a malicious program categorized as ransomware, not to be confused with the Makop ransomware of the same name. Malware within this category is designed to encrypt data and demand payment for its decryption. On our test machine, Mammon encrypted files and changed their names. Original fil

Koqlpo Cynav Tool Unwanted Application
Potentially unwanted application

Our researchers discovered the Koqlpo Cynav Tool PUA (Potentially Unwanted Application) while inspecting suspicious sites. This app operates as a dropper for the Legion Loader malware. It is noteworthy that installation setups like the one containing Koqlpo Cynav Tool often include multiple pieces

Claim $ZORA Scam
Phishing/Scam

We have inspected the page (claim-4g5.pages[.]dev) and concluded that it is a copy of the original ZORA (zora.co) site. The fake website offers users the chance to claim $ZORA tokens as a lure. Its purpose is to trick individuals into taking actions that can lead to the theft of their cryptocurren

Flyforads.top Ads
Notification Spam

Our analysis of flyforads[.]top shows that the site uses a clickbait technique to convince users to allow it to send notifications. After permission is granted, it floods users with deceptive messages that can lead to untrustworthy websites. For this reason, users should avoid granting flyforads[.

Hilierigurrious.com Ads
Notification Spam

We have inspected hilierigurrious[.]com and discovered that it uses clickbait to lure visitors into accepting its notifications. Once permission to show notifications is granted, hilierigurrious[.]com bombards users with fake warnings, alerts, offers, and similar content to promote shady websites.

Bert Ransomware
Ransomware

Bert is ransomware designed to encrypt files and append its extension (".encryptedbybert") to filenames. An example of how the ransomware renames files: it changes "1.jpg" to "1.jpg.encryptedbybert", "2.png" to "2.png.encryptedbybert", etc. Upon encryption, Bert drops a ransom note (".note.txt") c

Sweprotect.co.in Ads
Notification Spam

We have examined sweprotect.co[.]in and concluded that it is an untrustworthy website that displays a misleading message to deceive visitors into allowing it to send notifications. If permitted, sweprotect.co[.]in can show notifications containing fake warnings and similar messages. Thus, users sh

Grant/Compensation Payment Program Email Scam
Phishing/Scam

Our review of the email reveals that it is a fraudulent message designed to mislead recipients into believing they have won a large sum of money. Scammers behind these schemes often aim to steal personal information or convince victims to send payments. Such emails should be ignored. This

Prokermonantam.co.in Ads
Notification Spam

Our researchers discovered the prokermonantam.co[.]in rogue page while investigating dubious websites. After examining this webpage, we determined that it promotes browser notification spam and redirects users to other (likely unreliable/malicious) sites. The majority of visitors to prokermonanta

Payment Has Been Remitted Into Your Account Email Virus
Phishing/Scam

After inspecting this "Payment Has Been Remitted Into Your Account" email, we determined that it is malspam. The purpose of this spam campaign is to infect recipients' devices with malware by using a thirty thousand payment remittance notification as a lure. The spam email with the subject