Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Burntcigar?

Burntcigar is a piece of malware that cybercriminals frequently employ in ransomware attacks, specifically with the Cuba ransomware variant. Burntcigar scans for process names that appear to be associated with well-known antivirus (AV) or endpoint detection and response (EDR) products. It then includes the process IDs of these identified processes in the stack for termination at a later stage.

What kind of page is malware-remover[.]online?

Our researchers discovered the malware-remover[.]online rogue page while inspecting suspicious websites. It operates by running scams and promoting spam browser notifications. This webpage can also redirect users to different (likely dubious/malicious) sites.

Most visitors to malware-remover[.]online and similar pages access them via redirects caused by websites that use rogue advertising networks.

What kind of software is One Click Pic?

During a routine investigation of unreliable websites, our research team discovered the One Click Pic browser extension. It is promoted as a tool that allows users to easily download images from sites (i.e., one-click download of all images depicted on a webpage).

However, after inspecting this piece of software, we determined that it is adware. One Click Pic is designed to feed users with unwanted and potentially malicious ads.

What kind of page is pclifebasics[.]com?

Pclifebasics[.]com is the address of a rogue site promoting scams and browser notification spam. This webpage can also redirect visitors to other (likely unreliable/harmful) sites.

Most users access pclifebasics[.]com and pages akin to it via redirects generated by websites utilizing rogue advertising networks. Our researchers discovered pclifebasics[.]com while investigating webpages that use said networks.

What kind of email is "Overdue Invoice"?

After analyzing the "Overdue Invoice" email, we determined that it is spam. The letter urges the recipient to pay an overdue invoice and continue the positive working relationship with the sender. Details of the supposed invoice can be found in the attachment, which is a phishing file targeting email account log-in credentials.

What kind of application is EdgeCommand?

While investigating new submissions to the VirusTotal platform, we found the EdgeCommand application. Our examination revealed that it is adware belonging to the AdLoad malware family. EdgeCommand operates by running intrusive advertisement campaigns.

What kind of malware is AIRAVAT?

AIRAVAT is a Remote Access Trojan (RAT) targeting Android devices. Malware classed as such operates by enabling remote access and control over victims' machines. AIRAVAT has a wide variety of harmful functionalities, ranging from spying to data theft.

What kind of malware is 3AM?

3AM (also known as ThreeAM) is ransomware written in Rust programming language. The purpose of 3AM is to encrypt files. After finishing the encryption process, it makes an effort to delete Volume Shadow (VSS) copies. Additionally, 3AM appends the ".threeamtime" extension to the filenames of encrypted files and provides a ransom note named "RECOVER-FILES.txt".

An example of how 3AM modifies filenames: it changes "1.jpg" to "1.jpg.threeamtime", "2.png" to "2.png.threeamtime", and so forth.

What kind of application is ElasticPortable?

Our research team discovered the ElasticPortable app during a routine inspection of new submissions to VirusTotal. After analyzing this application, we learned that it is adware belonging to the AdLoad malware family. This advertising-supported software is designed to generate revenue for its developers by feeding users with unwanted and deceptive adverts.

What kind of application is StratusNebulosus?

Our team discovered the StratusNebulosus browser extension during the analysis of a malicious installer obtained from an unreliable website. We found that StratusNebulosus can perform various actions once added. For instance, it can enable the "Managed by your organization" feature in Chrome browsers. Users should avoid having StratusNebulosus added to their browsers.