Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is GuptiMiner?

GuptiMiner poses a significant threat, deploying backdoors throughout large corporate networks. In addition to this, GuptiMiner is known for distributing XMRig across infected devices, amplifying its impact and potential for exploitation. Organizations and individuals must remain vigilant and employ robust cybersecurity measures to safeguard against such advanced threats.

What is boyu.com.tr?

During our examination of boyu.com.tr, we discovered its association with bogus search engines and browser hijackers. Generally (although exceptions exist), boyu.com.tr serves as a final destination in redirection sequences instigated by third-party extensions. Consequently, individuals experiencing redirects to boyu.com.tr should scrutinize their browsers for any unwanted applications.

What is a fake "GALA" website?

While inspecting spam emails, we discovered one promoting a fake "GALA" website (aloor[.]net). This bogus site copies the real Gala Games blockchain gaming platform (gala.com). When users try to link their digital wallet to the scam website, it executes scripts to begin operating as a cryptocurrency drainer.

What kind of malware is Beast?

In our analysis of the malware dubbed Beast, we found that it functions as ransomware: upon infiltration, Beast encrypts files, presents a ransom note, and renames files. The discovery of Beast ransomware took place during our inspection of malware samples submitted to VirusTotal.

Beast appends a string of random characters (possibly a victim's ID) and the ".BEAST" extension to filenames. For example, it renames "1.jpg" to "1.jpg.{9FBBD051-19C1-DD7D-7970-05C896B93093}.BEAST", "2.png" to "2.png.{9FBBD051-19C1-DD7D-7970-05C896B93093}.BEAST", and so forth.

What kind of application is InternetGuardian?

Following our examination of the InternetGuardian application, its intended function remained unclear. Moreover, we observed deceptive distribution channels associated with this application. Consequently, we have classified InternetGuardian as an unwanted application. Users should approach such software with caution.

What is "Collaborative Teams" scam email?

During our investigation, we discovered that this email is a phishing attempt, falsely urging recipients to take specific actions. Phishing emails often masquerade as legitimate communications from trusted entities, aiming to deceive recipients into divulging personal information or performing actions that could compromise their security. Thus, this and similar emails should be ignored.

What kind of malware is ATCK?

Upon analysis, the ATCK malware was determined to be a member of the Dharma family and operate as ransomware. We discovered ATCK during the examination of malware samples submitted to VirusTotal. Upon infiltration, ATCK encrypts files, delivers two ransom notes ("info.txt" and a pop-up window containing a note), and alters file names.

When renaming files, ATCK appends the victim's ID, email address, and the ".ATCK" extension to filenames. For example, it changes "1.jpg" to "1.jpg.id-9ECFA84E.[attackattack@tutamail.com].ATCK", "2.png" to "2.png.id-9ECFA84E.[attackattack@tutamail.com].ATCK", and so forth.

What kind of application is WebCoordinator?

Our research team discovered the WebCoordinator application during a routine investigation of new submissions to the VirusTotal site. Upon examination, it became evident that WebCoordinator is adware from the AdLoad malware family. Advertising-supported software is designed to generate revenue through advertising.

What kind of application is System Utilities?

System Utilities is a piece of software endorsed as a system optimization tool capable of scanning folders, removing unused/junk files, uninstalling programs, eliminating autostart for software, etc. This app is promoted using dubious methods – hence, it is classed as a PUA (Potentially Unwanted Application). Software within this classification often has undesirable and potentially harmful capabilities.

What kind of email is "Products On LinkedIn"?

Upon inspection, we determined that the "Products On LinkedIn" email is spam. The letter is presented as a potential purchase inquiry. The goal of this mail is to deceive recipients into disclosing their email account log-in credentials to a phishing site.