Virus and Spyware Removal Guides, uninstall instructions

Sorano Bot Malware

What is Sorano Bot?

Sorano Bot is malware that can be used to download and run files on the infected system, view opened websites, change cryptocurrency wallet addresses saved in the system clipboard, mine cryptocurrency, and take screenshots. Sorano Bot can be purchased on a hacker forum for 4890₽/99$.

   
New Tab Theme Buddy Browser Hijacker

What is New Tab Theme Buddy?

New Tab Theme Buddy is rogue software endorsed as a tool for customizing browser themes and wallpapers, creating personalized greetings, and so on. Following successful infiltration, it makes modifications to browser settings to promote search.searchworm.com (a fake search engine).

Due to this, it is classified as a browser hijacker. Additionally, New Tab Theme Buddy collects browsing-related information, which makes it a serious privacy concern. Since most users install this browser hijacker inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

   
Dailyuploads.net Suspicious Website

What is dailyuploads[.]net?

dailyuploads[.]net is a file sharing website which employs rogue advertising networks. I.e., it promotes various bogus websites that can promote other pages of this kind, potentially unwanted applications (PUAs), etc. Therefore, do not use dailyuploads[.]net or trust websites that it opens.

   
Robotornotcheckonline.icu Ads

What is robotornotcheckonline[.]icu website?

robotornotcheckonline[.]icu is a rogue site sharing similarities with the-best-push-news[.]com, alltopposts[.]com, reightpainf[.]top and many others. Once this web page is accessed, visitors are presented with dubious content and/or are redirected to other untrusted or even malicious websites.

Typically, sites such as robotornotcheckonline[.]icu are entered inadvertently - most users are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on their devices. This software does not need explicit user consent to infiltrate systems.

PUAs cause redirects, deliver intrusive ad campaigns and collect browsing-related information.

   
ALVIN Ransomware

What is ALVIN ransomware?

ALVIN is a ransomware-type program. Infected systems suffer data encryption, and users receive ransom demands for decryption.

During the encryption process, all affected files are renamed following this pattern: "[rimon.argan@gmail.com][id=victim's_ID][original_filename].ALVIN", which consists of the cyber criminals' email address, unique ID assigned to the victims, the file's original title and the ".ALVIN" extension.

For example, a file named "1.jpg" would appear as something similar to "[rimon.argan@gmail.com][id=5AE4D12C]1.jpg.ALVIN" following encryption. Once this process is complete, text files named "HOW TO RECOVER ENCRYPTED FILES.txt" are dropped into compromised folders.

   
Pizhon Ransomware

What is Pizhon?

Discovered by GrujaRS, Pizhon ransomware encrypts files, renames them, and provides instructions about how to contact the developers and various other details. Pizhon renames files by appending the ".pizhon" extension with a string of random characters.

For example, "1.jpg" is renamed to "1.jpg.pizhon-3f7d14a8467d2bc2", "2.jpg" to "2.jpg.pizhon-4f8e25b9578e3cb3", etc. It also creates a ransom message (within the "!!!README!!!.txt" file) in all folders that contain encrypted files.

   
The-best-push-news.com Ads

What is the-best-push-news[.]com?

the-best-push-news[.]com is promoted via dubious websites, deceptive advertisements, and potentially unwanted applications (PUAs). I.e., users often do not visit these websites intentionally. There are many other examples on the web including alltopposts[.]com, reightpainf[.]top and content4you[.]net.

   
Xdddd Ransomware

What is Xdddd ransomware?

Xdddd is malicious software and part of the Paradise ransomware group. Systems infected with this malware have their data encrypted, filenames altered, and users receive ransom demands for decryption tools.

During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".xdddd" extension. For example, "1.jpg" would appear as something similar to "1.jpeg[id-1EcoY95E].[asdasda@hotmail.com].xdddd" for all affected files.

After this process is complete, ransom-demand messages in "#DECRYPT MY FILES#.html" are dropped into compromised folders.

   
USAA Email Scam

What is USAA email scam?

Commonly, phishing emails such as this example are used to trick recipients into providing sensitive information such as credit card details, login credentials (emails, usernames, passwords) or other details, which could be misused for malicious purposes.

Generally, cyber criminals attempt to trick recipients into providing this information by disguising their emails as important and official and/or by exploiting names of legitimate companies. In this particular case, an email is disguised as a message from USAA, a legitimate financial services company.

   
Abaddon RAT

What is Abaddon?

Abaddon is a Remote Access Trojan (RAT) that receives commands via Discord. I.e., this RAT uses Discord as its Command and Control (C2) server. Additionally, Abaddon has a ransomware feature and could be used to execute commands to encrypt files.

Therefore, cyber criminals might use this malware to collect sensitive information and also to prevent victims from accessing their system and force them to pay a ransom.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
