Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "A Payment Has Been Posted On Your Card"?

After reviewing the "A Payment Has Been Posted On Your Card" email, we determined that it is fake. Presented as a notification from American Express, it claims that the recipient has been given a reward payment.

The letter instructs to download and access the attachment, thus validating the payment and releasing it to their account. However, the attachment is a phishing file that targets log-in credentials.

It must be emphasized that all the claims made by this email are false, and this mail is not associated with the actual American Express Company.

What kind of application is Carnivora?

Carnivora is a malicious browser extension that has been discovered during analysis of a malicious installer hosted on a suspicious website. Carnivora is capable of performing actions such as adding the "Managed by your organization" feature to browsers, managing themes and extensions, and reading various data.

What kind of malware is SaveLock?

SaveLock is a ransomware-type program discovered during a routine investigation of new submissions to the VirusTotal site. This malicious program is part of the MedusaLocker ransomware family. SaveLock operates by encrypting data to demand ransoms for its decryption.

On our testing system, this ransomware encrypted files and altered their filenames. Original names were appended with a ".savelock52" extension, e.g., a file like "1.jpg" appeared as "1.jpg.savelock52", "2.png" as "2.png.savelock52", and so on for all of the locked files.

After the encryption process was completed, a ransom-demanding message titled "How_to_back_files.html" was dropped. The text therein makes it evident that SaveLock targets companies and utilizes double extortion tactics.

What kind of application is SignalUpdater?

It has been discovered that SignalUpdater falls into a category known as adware, which is software designed to bombard users with intrusive advertisements. Adware developers often distribute it by using deceptive methods. The modus operandi of apps like SignalUpdater raises several concerns, including privacy, security, and the overall user experience.

What kind of malware is Infected?

During analysis of malware samples submitted to the VirusTotal website, a ransomware variant belonging to the MedusaLocker family dubbed Infected has been discovered. Infected restricts access to files by encrypting them and renames them by appending the ".infected" extension. Also, this ransomware provides a ransom note named "HOW_TO_BACK_FILES.html".

An example of how files affected (encrypted) by Infected are renamed: "1.jpg" is changed to "1.jpg. infected", "2.png" is renamed to "2.png.infected", and so forth.

What kind of application is ShoutSystem?

Following an assessment of the ShoutSystem app, it became apparent that its primary aim is to inundate users with intrusive advertisements. To put it differently, ShoutSystem operates as adware. It is common for applications like ShoutSystem to be disseminated using deceptive methods. They often do not provide any useful features.

What is searchparrot.world?

After a thorough examination of searchparrot.world, it has been ascertained that it functions as a fraudulent search engine. During this analysis, it was observed that searchparrot.world redirected to different websites and did not yield genuine search results. It is important to highlight that fraudulent search engines like this one are often promoted through browser hijacking techniques.

What kind of application is ReserveBroadband?

ReserveBroadband is a rogue application that we discovered while reviewing new file submissions to the VirusTotal platform.

Our inspection of this app revealed that it is advertising-supported software (adware) belonging to the AdLoad malware family. ReserveBroadband operates by delivering intrusive advertisement campaigns, and it may have other harmful capabilities.

What kind of application is ProjectorDigital?

While checking out new submissions to the VirusTotal website, our research team discovered the ProjectorDigital application. After examining it, we determined that it is advertising-supported software (adware). ProjectorDigital is part of the AdLoad malware family.

What kind of application is ResearchRise?

Our researchers found the ResearchRise application while reviewing new submissions to the VirusTotal site. After analyzing this piece of software, we learned that it is adware belonging to the AdLoad malware family. ResearchRise is designed to deliver intrusive advert campaigns.