Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is ATCK?

Upon analysis, the ATCK malware was determined to be a member of the Dharma family and operate as ransomware. We discovered ATCK during the examination of malware samples submitted to VirusTotal. Upon infiltration, ATCK encrypts files, delivers two ransom notes ("info.txt" and a pop-up window containing a note), and alters file names.

When renaming files, ATCK appends the victim's ID, email address, and the ".ATCK" extension to filenames. For example, it changes "1.jpg" to "1.jpg.id-9ECFA84E.[attackattack@tutamail.com].ATCK", "2.png" to "2.png.id-9ECFA84E.[attackattack@tutamail.com].ATCK", and so forth.

What kind of application is WebCoordinator?

Our research team discovered the WebCoordinator application during a routine investigation of new submissions to the VirusTotal site. Upon examination, it became evident that WebCoordinator is adware from the AdLoad malware family. Advertising-supported software is designed to generate revenue through advertising.

What kind of application is System Utilities?

System Utilities is a piece of software endorsed as a system optimization tool capable of scanning folders, removing unused/junk files, uninstalling programs, eliminating autostart for software, etc. This app is promoted using dubious methods – hence, it is classed as a PUA (Potentially Unwanted Application). Software within this classification often has undesirable and potentially harmful capabilities.

What kind of email is "Products On LinkedIn"?

Upon inspection, we determined that the "Products On LinkedIn" email is spam. The letter is presented as a potential purchase inquiry. The goal of this mail is to deceive recipients into disclosing their email account log-in credentials to a phishing site.

What kind of malware is Sharp?

Sharp is a stealer-type malware. This malicious program is capable of extracting vulnerable information from browsers, gaming-related software, messengers, cryptocurrency wallets, and other apps.

Based on the data profile sought by Sharp stealer, it is possible that this malware targets gamers. Sale of this information (e.g., accounts, valuable in-game assets, real-world financial details, etc.) is popular in the cybercrime space.

What kind of application is Silver Wave?

Our researchers found the Silver Wave app bundled in an installer endorsed by a deceptive webpage, which was accessed via a redirect from a Torrenting website that employs rogue advertising networks. Aside from containing the Silver Wave PUA (Potentially Unwanted Application), the installation setup included other undesirable and possibly malicious software.

What kind of malware is MadMxShell?

MadMxShell is malware, a backdoor designed to infiltrate Windows systems. What sets it apart is its method of communication with its C2 server. Instead of using conventional channels, like direct connections or standard internet protocols, MadMxShell employs DNS MX queries for communication.

What is the fake "$MAGE PRESALE REGISTRATION"?

After examining this "$MAGE PRESALE REGISTRATION" website (presale.magebtc-register[.]com), we determined that it is a scam. The fake webpage is running a presale for the Mage token. Users who "register" for this event expose their cryptowallets to a cryptocurrency drainer, which is designed to siphon digital assets.

What kind of page is getgriascenter[.]com?

During our assessment of getgriascenter[.]com, it was discerned that this page is deceptive. The only purpose of this page is to trick visitors into agreeing to receive notifications. As a rule, notifications from sites like getgriascenter[.]com lead to unreliable websites. Thus, getgriascenter[.]com should be avoided.

What kind of email is "Standard Bank IT3(b) Policy"?

After investigating the "Standard Bank IT3(b) Policy" email, we determined that it is fake. It is presented as a notification from South Africa's Standard Bank regarding an IT3(b) policy update. This spam mail aims to trick recipients into providing their online bank log-in credentials to a phishing website.

It must be reiterated that this email is fraudulent, and it is not associated with the actual Standard Bank Group Limited – a South African bank and financial services group.