Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Bitcoin L2 Restaking"?

After examining this "Bitcoin L2 Restaking" online platform, we determined it is fake. This scam operates as a cryptocurrency drainer. Once a digital wallet is "connected" to this scheme, a mechanism is initiated that begins emptying it of funds.

What kind of email is "Quotation Request"?

Upon examination, we determined that "Quotation Request" is malspam. This email is presented as a potential purchase inquiry. The goal is to deceive recipients into opening the malicious attachment and infecting their devices with the Agent Tesla malware.

What kind of email is "Confirm Bank Account"?

After investigating the "Confirm Bank Account" email, we determined that it to be spam. This letter proclaims that the recipient's pending transfer of 1.3 million GBP (pound sterling) has been approved. The funds will be transferred within four days following confirmation of the banking account. It must be emphasized that this information is false, and it is not associated with any legitimate entities.

What kind of scam is "PYTH Retrospective Airdrop"?

After inspecting this "PYTH Retrospective Airdrop", we determined that it is fake. The scam imitates the Pyth Network and uses an airdrop as a lure. It operates as a cryptocurrency drainer that empties victims' digital wallets of funds.

What kind of email is "Giveaway Of Lottery Winnings"?

After reading the "Giveaway Of Lottery Winnings" email, we found it evident that this mail is spam. It informs the recipient that a lottery winner has randomly selected them to receive part of their winnings. This email likely operates as a phishing scam or seeks to trick victims into transferring funds to scammers.

What kind of malware is NiceRAT?

NiceRAT is a malware that operates as a RAT (Remote Access Trojan). It is a multifunctional and versatile malicious program with significant data-stealing capabilities. NiceRAT is written in the Python programming language. Its developers are offering the trojan as a free and a premium version.

What is "Shipping Receipt"?

We have reviewed the email and determined that it is a scam email featuring a fake shipping receipt. Crafted by scammers, this deceptive email aims to deceive recipients into divulging personal information or falling victim to financial fraud. This type of email is commonly known as a phishing scam.

What kind of scam is "Claim $GBTC"?

"Claim $GBTC" is a scam that impersonates the Green Bitcoin platform (greenbitcoin.xyz). When users try to interact with the fake page (by "connecting" their digital wallet), it begins operating as a cryptocurrency drainer. Victims of this scam can have their digital assets stolen.

What kind of malware is Virus (MedusaLocker)?

Our research team found a ransomware named "Virus" while inspecting new submissions to the VirusTotal site. This malicious program is part of the MedusaLocker ransomware family.

We acquired a sample of Virus (MedusaLocker) ransomware and executed it on our testing system. The malware encrypted files and appended their filenames with a ".virus3" extension (note that the number in the extension may vary based on the ransomware's variant). For example, a file named "1.jpg" appeared as "1.jpg.virus3", "2.png" as "2.png.virus3", and so on.

Once the encryption was finished, a ransom-demanding message was dropped in an HTML file titled "How_to_back_files.html". This note makes it clear that Virus (MedusaLocker) ransomware targets companies rather than home users.

What is robustsearch.io?

In our analysis of robustsearch.io, we found that it is linked to fake search engines and browser hijackers. Typically (but not always), robustsearch.io acts as an endpoint in redirection chains initiated by third-party extensions. Therefore, users who encounter redirects to robustsearch.io should inspect their browsers for unwanted apps.