Virus and Spyware Removal Guides, uninstall instructions

What kind of application is BalanceStack?

BalanceStack is the name of a rogue app that our research team discovered while investigating new submissions to the VirusTotal site. After inspecting this piece of software, we determined that it is adware. BalanceStack is part of the AdLoad malware family.

What kind of page is antivirus-scan[.]online?

Antivirus-scan[.]online is the URL of a rogue page. It is designed to promote scams and spam browser notifications. Additionally, this webpage can redirect visitors elsewhere (likely untrustworthy/malicious sites).

Users primarily access antivirus-scan[.]online and similar pages via redirects caused by websites using rogue advertising networks. We discovered antivirus-scan[.]online while investigating sites that employ said networks.

What kind of email is "American Express Account Has Been Locked"?

Our inspection of the "American Express Account Has Been Locked" email revealed that it is a phishing scam. This mail makes false claims regarding a failed cardless purchase. The aim is to deceive recipients into disclosing their account log-in credentials.

It must be emphasized that this scam email is in no way associated with the real American Express Company.

What kind of application is CenterEssence?

Our researchers found the CenterEssence rogue app while inspecting new submissions to VirusTotal. After investigating this application, we determined that it is advertising-supported software (adware). CenterEssence belongs to the AdLoad malware family.

What kind of software is Architecture Backgrounds?

Architecture Backgrounds is an extension that promises to display browser wallpapers depicting architecture. After analyzing this piece of software, we determined that it is a browser hijacker. Architecture Backgrounds modifies browser settings to promote (through redirects) the search.brandclick.com illegitimate search engine.

What kind of page is treasureprize[.]top?

Upon investigating treasureprize[.]top, we discovered it to be a deceitful webpage designed to deceive visitors into subscribing to its notifications. It is worth mentioning that users rarely open sites like treasureprize[.]top intentionally. Also, these pages can be designed to redirect users to other unreliable sites.

What kind of page is bciseo[.]com?

Our research team found the bciseo[.]com rogue page during a routine investigation of untrustworthy websites. It is designed to promote spam browser notifications and redirect visitors to other (likely dubious/malicious) sites.

Users primarily access pages like bciseo[.]com through redirects caused by websites that utilize rogue advertising networks.

What kind of malware is XWorm?

XWorm is the name of a remote administration/access Trojan (RAT). RATs are malicious programs designed to grant unauthorized access and control over a victim's computer. Cybercriminals use RATs to remotely monitor user activities, steal sensitive data, and execute various malicious actions on the compromised system. XWorm is sold by its developers for $400.

What kind of malware is G-STARS (Phobos)?

G-STARS is a malicious program belonging to the Phobos ransomware family that our research team discovered while reviewing new submissions to the VirusTotal site. Malware within this classification is designed to encrypt data and demand payment for its decryption.

On our test machine, G-STARS (Phobos) ransomware encrypted files and altered their titles. Original filenames were appended with a unique ID, the cyber criminals' email address, and a ".G-STARS" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3442].[support.antimalware@onionmail.com].G-STARS". Afterward, ransom notes were created in a text file ("info.txt") and a pop-up window ("into.hta").

What is "You Have Received A Secure Message"?

Upon analyzing this email, our team has determined its intention to deceive recipients into disclosing personal information. Scammers behind this message seek to lure victims into providing sensitive data through a deceptive attachment. These types of emails are known as phishing emails.