Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "Email Account Will Expire"?

Upon inspection, we determined that "Email Account Will Expire" is spam. This phishing letter targets email log-in credentials by using false claims about the account's pending expiration. Stolen email accounts can be utilized for a variety of malicious purposes, and victims of such scams can experience severe problems.

What kind of scam is "UnitedHealthcare"?

We examined the email and found that it is crafted to extract personal information from victims. Such emails fall into the category of phishing emails, often camouflaged as communications from reputable companies, organizations, or entities in an attempt to deceive recipients. Such emails should be ignored.

What kind of malware is MIRROR?

Through our analysis of malware samples uploaded to VirusTotal, we determined that MIRROR is a ransomware variant belonging to the Dharma family. MIRROR's purpose is to encrypt files. Also, it renames files and provides two ransom notes (displays a pop-up window and creates the "info-MIRROR.txt" file).

MIRROR ransomware appends the victim's ID, tpyrcedrorrim@tuta.io email address, and ".Mr" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.id-9ECFA84E.[tpyrcedrorrim@tuta.io].Mr", "2.png" to "2.png.id-9ECFA84E.[tpyrcedrorrim@tuta.io].Mr", and so forth. Updated variant appends ".Mrb" extension instead of ".Mr".

What kind of application is DataControl?

Through our analysis of the app, we determined that DataControl falls into the category of advertising-supported applications. Its main function involves displaying intrusive advertisements to users. Besides showing annoying ads, DataControl may harvest various data. For these reasons, DataControl should be avoided.

What kind of application is MethodOnline?

Our research team discovered MethodOnline while checking out new submissions to the VirusTotal platform. Upon inspection, we determined that this application is advertising-supported software (adware) belonging to the AdLoad malware family.

What kind of scam is "BitDogs Mint Free"?

Upon inspection, we determined that "BitDogs Mint Free" is a scam. It offers users the opportunity to mint BitDogs NFTs (Non-Fungible Tokens) free of charge. However, once a victim connects their digital wallet to the scam – it starts operating as a cryptocurrency drainer.

What kind of email is "KYC (Know Your Customer) Verification"?

Our investigation of this "KYC (Know Your Customer) Verification" email revealed that it is spam. This fake message encourages recipients to undergo a KYC (Know Your Customer) verification process in order to secure their cryptocurrency wallets.

What kind of email is "Unclaimed Expensive Goods"?

After investigating the "Unclaimed Expensive Goods" email, we determined that it is spam. This letter makes an offer for the recipient to participate in a scheme. In this plot, they will be presented as a representative of a deceased Mossack Fonseca investor. Upon success of the plan, the email recipient will be able to obtain and then share with the sender the late investor's wealth.

It must be stressed that this offer is a scam, likely one targeting victims' personal information or money.

What kind of malware is VajraSpy?

VajraSpy is a remote access trojan (RAT) specifically designed for targeted espionage on Android devices. This malware exhibits a wide range of functionalities, including data theft, call recording, message interception, and even the capture of photos through the device's camera. VajraSpy's deployment involves seemingly innocuous apps.

What kind of malware is PrivateLoader?

PrivateLoader is a malicious program classed as a loader. Software within this classification is designed to cause chain infection by downloading/installing additional malware or other malicious content onto compromised machines.

PrivateLoader is also considered to be a malware family, as it arrives onto systems in different configurations primed to spread specific programs – and it has been used to cause a wide variety of infections ranging from information stealers to ransomware.

The PrivateLoader program has been around since at least the spring of 2021 and is believed to be the most prevalent loader in 2022. This malware has been linked to the ruzki (also known as zhigalsz, les0k) threat actors.