Virus and Spyware Removal Guides, uninstall instructions

What is "Shipping Receipt"?

We have reviewed the email and determined that it is a scam email featuring a fake shipping receipt. Crafted by scammers, this deceptive email aims to deceive recipients into divulging personal information or falling victim to financial fraud. This type of email is commonly known as a phishing scam.

What kind of scam is "Claim $GBTC"?

"Claim $GBTC" is a scam that impersonates the Green Bitcoin platform (greenbitcoin.xyz). When users try to interact with the fake page (by "connecting" their digital wallet), it begins operating as a cryptocurrency drainer. Victims of this scam can have their digital assets stolen.

What kind of malware is Virus (MedusaLocker)?

Our research team found a ransomware named "Virus" while inspecting new submissions to the VirusTotal site. This malicious program is part of the MedusaLocker ransomware family.

We acquired a sample of Virus (MedusaLocker) ransomware and executed it on our testing system. The malware encrypted files and appended their filenames with a ".virus3" extension (note that the number in the extension may vary based on the ransomware's variant). For example, a file named "1.jpg" appeared as "1.jpg.virus3", "2.png" as "2.png.virus3", and so on.

Once the encryption was finished, a ransom-demanding message was dropped in an HTML file titled "How_to_back_files.html". This note makes it clear that Virus (MedusaLocker) ransomware targets companies rather than home users.

What is robustsearch.io?

In our analysis of robustsearch.io, we found that it is linked to fake search engines and browser hijackers. Typically (but not always), robustsearch.io acts as an endpoint in redirection chains initiated by third-party extensions. Therefore, users who encounter redirects to robustsearch.io should inspect their browsers for unwanted apps.

What kind of scam is "Incoming Unconfirmed Matic Transaction"?

Upon thorough examination of maticfaled[.]cloud, it became evident that it operates as a deceptive webpage with the intention of deceiving users. The site presents itself as a platform where users can receive Matic cryptocurrency by completing specific actions. Scammers use this page to steal cryptocurrency.

What kind of page is precludestore[.]com?

Our examination of precludestore[.]com shows that it is a deceptive website crafted to deceive visitors into consenting to receive notifications. Furthermore, precludestore[.]com might redirect visitors to similar deceptive websites. Therefore, it is advisable to avoid visiting precludestore[.]com.

What kind of page is msgmixesco[.]com?

During our examination of msgmixesco[.]com, we found that the site attempts to deceive visitors into taking specific actions. Additionally, msgmixesco[.]com can redirect users to other untrustworthy websites. Therefore, it is advisable to steer clear of msgmixesco[.]com and similar pages.

What kind of scam is "$PANDORA Airdrop"?

During our examination of the $PANDORA Airdrop, we discovered it to be a fraudulent operation disguised as an authentic cryptocurrency giveaway. The perpetrators behind this scam seek to deceive unsuspecting individuals into believing that participation will grant them access to free $PANDORA tokens. However, the actual intention behind this scheme is to steal cryptocurrency from victims.

What is "$gETH Token" scam?

Our analysis of the site (app.gas-back[.]xyz) determined that it is a scam website masquerading as a legitimate platform. The site's design and content are crafted to appear legitimate, enticing visitors with promises of compensation in digital currency. However, the true purpose of app.gas-back[.]xyz is to steal cryptocurrency from victims.

What kind of scam is "AVIATOR AIRDROP"?

After inspecting the "AVIATOR AIRDROP", we determined that it is a scam. This AVI token giveaway is supposedly run on the official AVIATOR platform (aviator.ac). When users attempt to participate in this airdrop, they are asked to connect their digital wallets. Once "connected", the scam begins operating as a cryptocurrency drainer.