Virus and Spyware Removal Guides, uninstall instructions

What kind of page is choalauysurvey[.]top?

Our research team discovered the choalauysurvey[.]top rogue page while inspecting dubious websites. It operates by promoting browser notification spam and by redirecting visitors to other (likely unreliable/dangerous) sites. Users typically enter pages like choalauysurvey[.]top via redirects caused by websites that utilize rogue advertising networks.

What kind of application is Elevate Tab?

While examining the Elevate Tab browser extension, our team noticed that it makes certain changes in the settings of a web browser. Elevate Tab modifies those settings to promote a fake search engine search.elevatetab.com. Apps that exhibit such behavior are known as browser hijackers.

What kind of malware is 2QZ3?

Our research team found the 2QZ3 ransomware while investigating new submissions to the VirusTotal website. This malicious program is part of the Phobos ransomware family. 2QZ3 is designed to encrypt data and demand payment for its decryption.

On our test machine, the encrypted files were renamed by being appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".2QZ3" extension. For example, an original filename such as "1.jpg" appeared as "1.jpg.id[9ECFA84E-3449].[qweasd@toke.com].2QZ3" following encryption.

After this process was completed, 2QZ3 ransomware created/displayed ransom notes in a pop-up window ("info.hta") and a text file ("info.txt").

What kind of malware is Khronos?

While checking the VirusTotal page for recently submitted samples, our team discovered Khronos - ransomware that encrypts files. Also, Khronos renames files by appending the ".khronos" extension. For instance, it renames "1.jpg" to "1.jpg.khronos", "2.png" to "2.png.khronos", and so forth. After the encryption process is completed, Khronos provides a ransom note (creates the "info.hta" file).

What is "Blockchain.com - Your Account Is Locked"?

After analyzing this email, our team identified it as a crypto-related phishing attempt. The scammers masquerade as the blockchain[.]com team and aim to deceive recipients into divulging sensitive information on a phishing website. Recipients should remain cautious and avoid falling victim to such fraudulent schemes.

What kind of malware is KiRa?

KiRa is ransomware that our team discovered while analyzing malware samples submitted to the VirusTotal page. KiRa encrypts data, appends a random extension consisting of four characters to filenames, changes the desktop wallpaper, and drops a text file containing a ransom note ("read it!!.txt").

An example of how KiRa renames files: it changes "1.jpg" to "1.jpg.szem", "2.png" to "2.png.mo3y", and so forth.

What kind of application is Soccer Skills?

Based on our examination, we have determined that the Soccer Skills browser extension operates as a browser hijacker. Our findings indicate that Soccer Skills alters certain browser settings to promote hsrc-withus.com. Our analysis has uncovered that hsrc-withus.com is a fake search engine designed to appear legitimate.

What kind of page is harmonypix[.]com?

Harmonypix[.]com is a rogue page that our research team discovered during a routine inspection of suspicious websites. Its purpose is to trick visitors into receiving spam browser notifications. Additionally, this webpage can redirect users to other (likely unreliable/hazardous) sites.

Most visitors enter pages like harmonypix[.]com through redirects caused by websites that employ rogue advertising networks.

What kind of page is browser-shielding[.]com?

Our researchers discovered the browser-shielding[.]com rogue webpage during a routine investigation of questionable sites. This page is designed to promote scams and browser notification spam. It can also redirect users to different (likely untrustworthy/dangerous) websites.

Visitors to browser-shielding[.]com and similar pages access them primarily via redirects generated by sites that utilize rogue advertising networks.

What kind of malware is SSEAR?

SSEAR is malware that operates as ransomware. Its purpose is to prevent victims from accessing their files by encrypting them. Also, SSEAR appends "_SSEAR" to filenames (e.g., it renames "1.jpg" to "1.jpg_SSEAR", "2.png" to "2.png_SSEAR", etc.), and displays a ransom note in a pop-up window.