Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Trust Wallet Connect"?

"Trust Wallet Connect" is a scam that imitates the official Trust Wallet website. It operates as a phishing page and targets cryptowallet log-in credentials by claiming bogus connection issues.

What kind of malware is Repair?

We discovered a malicious program called Repair while browsing new file submissions to the VirusTotal website. This software is part of the MedusaLocker ransomware family. Repair operates as data-encrypting ransomware.

On our testing system, the program encrypted files and appended their filenames with a ".repair" extension. Hence, a file initially named "1.jpg" looked like "1.jpg.repair", "2.png" like "2.png.repair", and so forth.

Once the encryption process was finished, an HTML file – "How_to_back_files.html" – containing the ransom note was created. In addition to demanding payment for the decryption, this ransomware utilizes double extortion techniques by threatening victims with data leaks.

What kind of scam is "Connect Collab Land"?

"Connect Collab Land" is a scam that imitates the Collab.Land platform. The scheme targets victims' digital assets by utilizing a cryptocurrency drainer. Exposing a cryptowallet to this scam can result in the theft of all the funds stored therein.

What kind of scam is "Nibiru Chain Engagement Airdrop"?

Upon inspection, we determined that the "Nibiru Chain Engagement Airdrop" is fake. This scam impersonates the Nibiru blockchain network (nibiru.fi). It entices users into exposing their digital wallets to a cryptocurrency drainer by promising rewards for their engagement.

What kind of malware is DumbStackz?

Our research team discovered DumbStackz while investigating new submissions to the VirusTotal site. This malicious program is based on the Chaos ransomware. DumbStackz is designed to encrypt files and demand payment for the decryption.

On our testing system, this ransomware encrypted files and added a ".DumbStackz" extension to their names. For example, a file titled "1.jpg" appeared as "1.jpg.DumbStackz", "2.png" as "2.png.DumbStackz", and so on for all of the locked files.

After this process was finished, DumbStackz changed the desktop wallpaper and created a ransom note in a text file named "read_it.txt".

What is "CLAIM FREE $TOSHI"?

In our examination of the site, we discovered that it promotes the opportunity for individuals to obtain free cryptocurrency ($TOSHI). However, this scheme is among many designed to steal cryptocurrency from victims. Users are strongly recommended to disregard such pages to prevent financial loss and other possible complications.

What kind is the fake "Save to Google Drive" browser extension?

Our research team discovered a fake Google extension – "Save to Google Drive" – while investigating a Torrenting site that uses rogue advertising networks. This extension has data-tracking abilities and can make various modifications to browser settings.

It must be emphasized that this "Save to Google Drive" software is not associated with the Google Drive file storage/synchronization service or its developer – Google.

What is the fake "Telegram Giveaway TON" page?

Upon investigating the site, we found it to be a fraudulent website posing as the official ton[.]org page. Scammers have crafted this deceptive webpage with the intention of swindling cryptocurrency from unsuspecting users. Their goal is to deceive users into taking actions that lead to the theft of their digital assets.

What kind of malware is Senator?

Through our analysis of the Senator malware, we determined that it is ransomware employed by cybercriminals to coerce victims to pay a ransom. We discovered Senator ransomware while examining malware samples on VirusTotal. In addition to encrypting files, Senator modifies filenames and drops a ransom note ("SENATOR ENCRYPTED.txt").

Senator renames files by appending an email address, victim's ID, and ".SENATOR" extension to filenames. For example, it renames "1.jpg" to "1.jpg.EMAIL=[senatorrans@gmail.com]ID=[A42C7FF44C09822A].SENATOR", "2.png" to "2.png.EMAIL=[senatorrans@gmail.com]ID=[A42C7FF44C09822A].SENATOR", and so forth.

What kind of email is "HSBC Transfer Request"?

After reviewing the "HSBC Transfer Request" email, we determined that it is fake. The spam letter is presented as a banking transfer request from HSBC; this lure is used to deceive recipients into disclosing their email log-in credentials to a phishing website.

It must be stressed that this mail is not associated with HSBC Holdings plc or any other legitimate entities.