Virus and Spyware Removal Guides, uninstall instructions

What is the fake "Azim Premji Philanthropies Foundation-India" email?

"Azim Premji Philanthropies Foundation-India" email scam - refers to a spam campaign, distributing deceptive messages that claim recipients have been selected to receive a significant sum of money. The term "spam campaign" defines a mass-scale operation during which thousands of scam emails are sent.

To elaborate on this spam campaign, these messages inform users that they are to receive a monetary grant/donation from a renown philanthropist. This scheme employs the name of Azim Premji, an Indian business magnate, engineer, investor and philanthropist.

Note that these scam emails are in no way associated with Azim Premji or the Azim Premji Foundation. The purpose of the messages is to gain recipients' trust and then abuse it for profit.

What is nwithough[.]top?

nwithough[.]top is a bogus website that opens other sites of this kind or loads dubious content. It is similar to sbecome[.]online, emindeed[.]top, sionremai[.]fun and many other rogue websites.

Note that users do not often visit these sites intentionally - they are opened by browsers that have potentially unwanted applications (PUAs) installed on them.

What is the Legend ransomware?

Legend is a malicious program, which is part of the Voidcrypt ransomware family. Systems infected with this malware experience data encryption and users receive random demands for decryption.

During the encryption process, all compromised files are renamed following this pattern: original filename, cyber criminals' email address, unique ID assigned to the victims, and the ".legend" extension.

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.[legendencrypt1@criptext.com][DISUBXG5M4F2CQ6].legend" following encryption. After this process is complete, ransom-demand messages within "!INFO.HTA" files are dropped into affected folders.

What is Mail - Quarantined email scam?

Scammers behind this phishing email attempt to trick recipients into opening a deceptive website and providing their email account login credentials.

Note that emails of this type can be used to deceive recipients into providing other sensitive details as well. For example, bank account numbers, social security numbers, credit card details, etc.

What is RIP lmao?

RIP lmao (also known as JCrypt) ransomware renames encrypted files by appending the ".jcrypt" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.jcrypt", "2.jpg" to "2.jpg.jcrypt", and so on. Depending on the variant, extension may also differ (e.g., ".l33ch", ".omero" extensions).

RIP lmao also displays a pop-up window and generates the "___RECOVER__FILES__.jcrypt.txt" text file, both of which are ransom messages that contain contact and payment information.

Fortunately, current variants of RIP lmao ransomware are decryptable; Avast has released a free decryption tool for this malware (more information below).

What is FlexibleProtocol?

FlexibleProtocol is an adware-type application with browser hijacker characteristics. It operates by delivering intrusive advertisement campaigns and making changes to browser settings to promote fake search engines. In addition, this app has data tracking capabilities, which are used to collect browsing-related information.

Due to the dubious techniques employed in FlexibleProtocol's distribution, it is also classified as a Potentially Unwanted Application (PUA).

What is sbecome[.]online website?

sbecome[.]online is an untrusted site, sharing many similarities with emindeed.top, sionremai.fun, titionasses.fun and thousands of others. Pages of this type are designed to present visitors with dubious material and/or redirect them to other rogue and even malicious websites.

Users rarely access sbecome[.]online or similar sites intentionally - typically, they are redirected to them by intrusive advertisements or by Potentially Unwanted Applications (PUAs). These apps do not require explicit user permission to be installed onto systems. PUAs operate by causing redirects, running intrusive advertisement campaigns and collecting browsing-related information.

What is SearchGuard — Smart Search?

SearchGuard — Smart Search changes specific browser settings to searchwarden.com, the address of a fake search engine. It is likely that this app also collects browsing data and other information. Browser hijackers are often downloaded and installed by users inadvertently and, therefore, SearchGuard — Smart Search and other apps of this type are categorized as potentially unwanted applications (PUAs).

What is the fake "Banco Montepio" email?

"Banco Montepio email scam" refers to a spam campaign, designed to extract recipients' banking credentials (i.e. usernames and PIN codes / passwords). The term "spam campaign" is used to define a mass-scale operation, during which thousands of deceptive emails are sent.

The messages distributed through this spam campaign, inform recipients that unusual transactions have been detected on their banking accounts and they must update account security to prevent them from being suspended.

These scam emails are disguised as notifications from Banco Montepio, a Portuguese banking and mutual savings organization. In fact, the fake messages are in no way associated with the Montepio bank.

The goal of this scam is to trick users into attempting to log-in to their banking accounts via a link provided in the emails, which leads to a phishing website.

What is emindeed[.]top?

emindeed[.]top is similar to sionremai[.]fun, thehugefeed[.]com, titionasses[.]fun and many other pages. Typically, users do not visit these sites intentionally - they are opened by browsers that have potentially unwanted applications (PUAs) installed on them. They are also promoted via other dubious web pages or deceptive advertisements.