Virus and Spyware Removal Guides, uninstall instructions

What kind of application is TechWebNavigator?

TechWebNavigator is a rogue application that we found during a routine investigation of new file submissions to the VirusTotal site. After analyzing this piece of software, we determined that it is adware belonging to the AdLoad malware family. TechWebNavigator runs intrusive ad campaigns and may have additional harmful capabilities.

What kind of scam is "De.Fi Launchpad Airdrop"?

Upon inspection of the "De.Fi Launchpad Airdrop", we determined that it is a scam. This scheme imitates the legitimate De.Fi online platform, and the known domains used by the fake sites mimic that of the original – de.fi (https://de.fi/).

The scam is presented as an airdrop of an unspecified token. Its goal is to lure users into exposing their digital wallets, and once this is achieved – the scheme starts operating as a cryptocurrency drainer.

What kind of email is "UKNL Board Online Sweepstakes"?

Upon inspection of the "UKNL Board Online Sweepstakes" email, we determined that it is spam. This bogus missive claims that the recipient has won £350,000 in an Online Sweepstakes.

The email name drops several genuine entities, clearly hoping to create a sense of legitimacy. This spam mail likely aims to deceive recipients into disclosing sensitive information and/or transferring funds to scammers.

What kind of malware is Backoff?

Our research team discovered the Backoff ransomware while investigating new submissions to the VirusTotal website. This malicious program is based on the Chaos ransomware family. Malware within this category encrypts data and demands ransoms for its decryption.

Backoff encrypted files and appended their names with a ".backoff" extension on our test machine. To elaborate, an original title such as "1.jpg" appeared as "1.jpg.backoff", "2.png" as "2.png.backoff", and so on. Afterward, this ransomware changed the desktop wallpaper and created a ransom note titled "read_it.txt".

What kind of program is PachyrhinosaurusLakustai?

Our analysis of the PachyrhinosaurusLakustai app revealed worrisome capabilities, such as reading and altering data on websites, managing browser themes and extensions, and activating the "Managed by your organization" feature in Chrome and Edge browsers. Its distribution is facilitated through a malicious installer, which includes other dubious apps.

What kind of application is HelperFraction?

Our researchers found the HelperFraction application while checking out new file submissions to VirusTotal. Following our analysis, we determined that this app is advertising-supported software (adware). HelperFraction is also part of the AdLoad malware family. Applications within this group run intrusive ad campaigns and may have other harmful capabilities.

What kind of program is StratocumulusCastellanus?

When examining the app, we noted that StratocumulusCastellanus is a shady app that can read and change data on websites, manage themes and extensions within a browser, and activate the "Managed by your organization" feature in Chrome and Edge browsers. Moreover, StratocumulusCastellanus is distributed via a malicious installer.

What kind of malware is Frivinho?

While investigating new file submissions to the VirusTotal site, our research team discovered the Frivinho ransomware. This malicious program operates by encrypting data and demanding payment for its decryption.

On our test machine, this ransomware encrypted files and appended their filenames with a ".Frivinho0[cold_face_emoji]" extension ("cold_face_emoji" stands for an actual emoji). For example, a file initially titled "1.jpg" appeared as "1.jpg.Frivinho0[cold_face_emoji]", "2.png" as "2.png.Frivinho0[cold_face_emoji]", etc.

Once the encryption process was finished, Frivinho changed the desktop wallpaper and created a ransom note named "PLS_READ_ME.txt".

What is "Trust Wallet Mystery Box"?

Upon inspecting this webpage and the associated post on X (Twitter) promoting it, it became evident that it constitutes a fraudulent giveaway, designed as a scam to pilfer cryptocurrency from unsuspecting individuals. Scammers commonly use enticing prizes or giveaways to attract victims into falling for their deceptive schemes.

What is Activator?

Recently, cracked apps on pirating websites that carried a Trojan proxy were discovered. The bad actors took pre-cracked apps, repackaged them as PKG files, and hid a Trojan proxy along with a script to infect systems after installation. The application named Activator is also involved in the malicious campaign.