Virus and Spyware Removal Guides, uninstall instructions

Repair Response Email Scam

What kind of email is "Repair Response"?

After inspecting the "Repair Response" email, we determined that it is spam. This fake letter claims that multiple messages failed to reach the recipient's inbox due to an error caused by a server outage.

"Repair Response" promotes a phishing website disguised as an email account sign-in page. Hence, by trusting this spam mail, the user can have their email account stolen and experience other serious issues.

   
Contract For Invoice Email Scam

What is "Contract For Invoice"?

During our scrutiny of this email, our team identified it as a fraudulent notification that falsely claims a contract document has been shared with the recipients. The primary objective of this email is to entice recipients into accessing a deceptive website and providing their login credentials. Such emails are referred to as phishing emails.

   
6y8dghklp Ransomware

What kind of malware is 6y8dghklp?

Our researchers discovered the 6y8dghklp ransomware while reviewing new submissions to the VirusTotal platform. This malicious program is part of the Phobos ransomware family.

On our test system, 6y8dghklp ransomware encrypted files and modified their filenames. Original names were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".6y8dghklp" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.id[9ECFA84E-3481].[datarecoverycenterOPG@onionmail.org].6y8dghklp".

After the encryption process was completed, ransom-demanding messages were created/displayed in a pop-up window ("info.hta") and text file ("info.txt").

   
ParasaurolophusWalkeri Malicious Extension

What kind of app is ParasaurolophusWalkeri?

While examining the ParasaurolophusWalkeri browser extension, we came across disturbing activities, such as the enabling of the "Managed by your organization" feature in Chrome settings and the gathering of user data. We encountered ParasaurolophusWalkeri while investigating a malicious installer.

   
Sign In Credentials Is Set To Expire Email Scam

What is "Sign In Credentials Is Set To Expire"?

After a comprehensive review, our team has determined that the intention behind this email is to deceive recipients into disclosing their personal information. These emails are categorized as phishing attempts, and in this specific case, the scammers pose as an email service provider with the aim of tricking recipients into revealing sensitive data on a phishing page.

   
CommonBusiness Adware (Mac)

What kind of application is CommonBusiness?

Upon evaluating the CommonBusiness application, we have observed its frequent display of intrusive advertisements, categorizing it as adware. Users frequently install applications like CommonBusiness without a full understanding of the potential consequences they may encounter. Such apps should not be trusted.

   
Hgml Ransomware

What kind of malware is Hgml?

While analyzing malware samples submitted to VirusTotal, we encountered a ransomware variant known as Hgml. This specific ransomware is crafted to encrypt files and modify their filenames by adding the ".hgml" extension. Additionally, Hgml creates a ransom note that can be found within a file named "_readme.txt".

An example of how Hgml alters filenames: it converts files like "1.jpg" into "1.jpg.hgml", "2.png" into "2.png.hgml", and so on. It is crucial to note that Hgml belongs to the Djvu ransomware family. Quite often, cybercriminals distribute Djvu ransomware alongside information-stealing malware such as RedLine or Vidar.

   
Hgkd Ransomware

What kind of malware is Hgkd?

During our examination of malware samples on the VirusTotal page, we came across the Hgkd ransomware, which is part of the Djvu family. When this ransomware infiltrates a computer, it encrypts data and appends the ".hgkd" extension to filenames. For instance, a file named "1.jpg" becomes "1.jpg.hgkd" and "2.png" is changed to "2.png.hgkd".

Aside from file encryption, Hgkd generates a ransom note, a text file named "_readme.txt". Moreover, the dissemination of Hgkd could potentially involve information-stealing malware like Vidar and RedLine.

   
Systemsecurity.click Ads

What kind of page is systemsecurity[.]click?

While investigating suspect sites, our research team found the systemsecurity[.]click webpage. It is designed to promote scams and browser notification spam. This page can also redirect visitors to other (likely unreliable/dangerous) websites.

Users predominantly access systemsecurity[.]click and similar webpages through redirects generated by sites that employ rogue advertising networks.

   
Dragon Baby Browser Hijacker

What kind of software is Dragon Baby?

Our researchers discovered the Dragon Baby browser extension during a routine inspection of deceptive webpages. After analyzing this piece of software, we determined that it is a browser hijacker.

Dragon Baby makes changes to browser settings in order to promote the dragonboss.solutions fake search engine. Additionally, this extension spies on users' browsing activity.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
