Virus and Spyware Removal Guides, uninstall instructions

Your Account Will Be Blocked Email Scam

What kind of scam is "Your Account Will Be Blocked"?

Upon examining this email, we have determined it to be a phishing attempt. The content of the email has been crafted by fraudsters who impersonate an email service provider to trick unsuspecting recipients into divulging personal information on a fraudulent website. It is highly recommended that recipients disregard and refrain from engaging with such emails.

   
Requested Documents Email Virus

What is "Requested Documents"?

Upon examination of this email, we have determined that it is a fraudulent message falsely purporting to be related to the requested documents. The intention behind this email is to deceive recipients into unknowingly executing malware via the attached PDF document. The specific malware being distributed through this malicious spam campaign is referred to as Qakbot.

   
ViewInput Adware (Mac)

What kind of application is ViewInput?

During our analysis of the ViewInput application, we observed its intrusive advertising behavior, leading us to classify it as adware. Adware is commonly distributed through questionable means, which can result in unintentional installation by unsuspecting users. Apps of this kind should not be trusted.

   
Gayn Ransomware

What kind of malware is Gayn?

While examining malware samples submitted to the VirusTotal website, our analysis revealed the presence of a ransomware variant called Gayn. This ransomware employs file encryption to block access to files and modifies filenames by adding the ".gayn" extension. Additionally, it generates a ransom note, a file named "_readme.txt".

An example showcasing the filename modification performed by Gayn is the transformation of "1.jpg" into "1.jpg.gayn" and "2.png" into "2.png.gayn", and so forth. It is worth mentioning that Gayn is a member of the Djvu ransomware family, which is known to be distributed by threat actors in conjunction with information stealers such as RedLine and Vidar.

   
Gazp Ransomware

What kind of malware is Gazp?

Gazp is ransomware belonging to the Djvu family that employs encryption to lock data and appends the ".gazp" extension to file names. Additionally, Gazp generates a "_readme.txt" file that contains instructions for contacting the attackers and making ransom payments.

It is common for Djvu ransomware to be distributed in conjunction with information stealers like RedLine or Vidar. Our team discovered Gazp during our analysis of malware samples submitted to VirusTotal. An example of how Gazp transforms file names: it changes "1.jpg" to "1.jpg.gazp" and "2.png" to "2.png.gazp" and so forth.

   
ResultsDisplay Adware (Mac)

What kind of application is ResultsDisplay?

ResultsDisplay is a rogue application we discovered while investigating new submissions to the VirusTotal website. Our analysis of this app revealed that it is adware. ResultsDisplay is part of the AdLoad malware family.

   
ActiveProtocol Adware (Mac)

What kind of application is ActiveProtocol?

Our research team found the ActiveProtocol app while inspecting new submissions to VirusTotal. After examining this application, we determined that ActiveProtocol is adware belonging to the AdLoad malware family.

   
OneDrive Purchase Order Email Scam

What kind of email is "OneDrive Purchase Order"?

After inspecting the "OneDrive Purchase Order" email, we determined that it is spam operating as a phishing scam. This bogus letter claims that the recipient was sent documents for a purchase order via OneDrive.

It must be emphasized that this spam mail is in no way associated with the actual OneDrive file hosting/sharing service or its developer – the Microsoft Corporation.

   
WebEnumerator Adware (Mac)

What kind of application is WebEnumerator?

WebEnumerator is a rogue application our researchers discovered while inspecting new submissions to the VirusTotal website. After examining this app, we learned that it operates as advertising-supported software (adware) and that WebEnumerator is part of the AdLoad malware family.

   
NokNok Backdoor (Mac)

What kind of malware is NokNok?

NokNok is the name of a backdoor-type malware that targets macOS (Mac Operating Systems). Programs within this classification are designed to open a "backdoor" for additional malicious components into compromised systems.

NokNok has been used in cyber-espionage attacks targeting individuals and entities associated with US foreign affairs and nuclear security spheres. These attacks were prepped for both Windows and Mac users; the latter aimed to infect their devices with NokNok malware.

There is evidence linking these campaigns with threat actors who support the Islamic Revolutionary Guard Corps (IRGC), specifically the IRGC Intelligence Organization.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
