Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Virus Has Been Detected On Your Device"?

While examining deceptive websites, we discovered the "Virus Has Been Detected On Your Device" technical support scam. It makes false claims regarding infections on the visitor's device and it being blocked due to illegal activity. The goal is to trick victims into calling the provided fake helpline and thus entangling them into a scam.

What kind of page is allcommonstories[.]com?

While investigating questionable websites, our researchers discovered the allcommonstories[.]com rogue page. It is designed to promote browser notification spam and redirect visitors to other (likely unreliable/hazardous) sites.

Most users enter allcommonstories[.]com and webpages akin to it via redirects caused by sites that employ rogue advertising networks.

What kind of application is OpticalFraction?

Our research team found the OpticalFraction rogue application during a routine inspection of new submissions to the VirusTotal website. After investigating this app, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family.

What kind of application is FormatClick?

While inspecting new submissions to the VirusTotal website, we discovered the FormatClick application. After investigating this piece of software, we determined that FormatClick is adware, and that it is part of the AdLoad malware family.

What kind of malware is Muggle?

Muggle is the name of an information stealer developed using the Go programming language. This malware is capable of stealing passwords, capturing screenshots, and gathering certain system information. Muggle should be removed from infected operating systems as soon as possible.

What kind of malware is TOITOIN?

TOITOIN is a trojan-type malware with information-stealing capabilities. This piece of malicious software has been observed as the final payload in sophisticated multi-stage infections. The attacks were highly targeted and leveraged against businesses based in the Latin American region.

What kind of scam is "Your Account Will Be Blocked"?

Upon examining this email, we have determined it to be a phishing attempt. The content of the email has been crafted by fraudsters who impersonate an email service provider to trick unsuspecting recipients into divulging personal information on a fraudulent website. It is highly recommended that recipients disregard and refrain from engaging with such emails.

What is "Requested Documents"?

Upon examination of this email, we have determined that it is a fraudulent message falsely purporting to be related to the requested documents. The intention behind this email is to deceive recipients into unknowingly executing malware via the attached PDF document. The specific malware being distributed through this malicious spam campaign is referred to as Qakbot.

What kind of application is ViewInput?

During our analysis of the ViewInput application, we observed its intrusive advertising behavior, leading us to classify it as adware. Adware is commonly distributed through questionable means, which can result in unintentional installation by unsuspecting users. Apps of this kind should not be trusted.

What kind of malware is Gayn?

While examining malware samples submitted to the VirusTotal website, our analysis revealed the presence of a ransomware variant called Gayn. This ransomware employs file encryption to block access to files and modifies filenames by adding the ".gayn" extension. Additionally, it generates a ransom note, a file named "_readme.txt".

An example showcasing the filename modification performed by Gayn is the transformation of "1.jpg" into "1.jpg.gayn" and "2.png" into "2.png.gayn", and so forth. It is worth mentioning that Gayn is a member of the Djvu ransomware family, which is known to be distributed by threat actors in conjunction with information stealers such as RedLine and Vidar.