Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "Moldindconbank"?

After inspecting this "Moldindconbank" email, we determined that it is fake. This letter targets clients of the Moldindconbank Moldovan bank. The spam email states that the recipient's card has been suspended due to suspicious activity. To rectify this issue, the recipient is to conclude a verification process via a phishing website.

It must be stressed that all these claims are false, and this email is in no way associated with the actual Moldindconbank.

What kind of malware is Havoc?

While inspecting new submissions to VirusTotal, our researchers found the Havoc ransomware. Malware of this kind is designed to encrypt data and demand payment for its decryption.

On our test machine, Havoc encrypted files and altered their filenames. Original titles were appended with the attackers' email, a unique ID assigned to the victim, and the ".havoc" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.EMAIL=[aesdecrypt@gmail.com ]ID=[6D150A0B7E53F99E].havoc".

Once the encryption was completed, the ransomware created a ransom-demanding message titled "FILES ENCRYPTED.txt".

What kind of scam is "Webmail Password Center"?

Upon careful analysis of this email, our team has concluded that it is an instance of phishing. The email is designed to deceive recipients by posing as a communication from an email service provider, specifically impersonating Webmail. The primary goal of scammers is to trick unsuspecting individuals into visiting a fraudulent website and divulging their personal information.

What kind of page is tunnelbuilder[.]top?

Tunnelbuilder[.]top is a deceptive website designed to trick visitors into subscribing to its notifications. Also, tunnelbuilder[.]top redirects users to similar pages. Users rarely intentionally open such pages. Our team encountered tunnelbuilder[.]top while investigating websites that use dishonest advertising networks.

What kind of malware is Atlas?

Atlas is the name of a clipper-type malware. Malicious programs categorized as such are designed to replace content copied into the clipboard. Atlas detects whenever a victim copies a cryptocurrency wallet address and replaces it – thus rerouting outgoing transactions.

What kind of page is gadscare[.]com?

Our researchers discovered the gadscare.com rogue page while investigating suspect sites. This webpage is designed to promote browser notification spam and redirect visitors elsewhere (likely unreliable/harmful sites). Users primarily enter such pages via redirects generated by websites using rogue advertising networks.

What is "Payment List By The Board Of Directors"?

Based on our investigation, it has been confirmed that this email has been falsified by individuals intending to engage in malicious activities. The main goal of these scammers is to trick recipients into sharing confidential information via a fraudulent page. Such pages are referred to as phishing sites.

What kind of malware is Tnwkgbvl?

Tnwkgbvl is ransomware that our team discovered while examining malware samples submitted to VirusTotal. We found that Tnwkgbvl belongs to the Snatch ransomware family. The purpose of Tnwkgbvl is to make files inaccessible by encrypting them. Also, Tnwkgbvl creates a ransom note ("HOW TO RESTORE YOUR TNWKGBVL FILES.TXT").

Additionally, Tnwkgbvl renames files by appending the ".tnwkgbvl" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.tnwkgbvl", "2.png" to "2.png.tnwkgbvl", and so forth.

What kind of malware is ShadowVault?

Targeting macOS users, ShadowVault is an information-stealing malware. Its creators market and sell it on a hacker forum at a price of $500 per month. This malicious software is capable of extracting sensitive data from web browsers, files stored on compromised computers, as well as data from cryptocurrency wallets and other sources.

What kind of application is DefaultOptimization?

DefaultOptimization is an adware-type application belonging to the AdLoad malware family, which our research team discovered while investigating new submissions to the VirusTotal site. This app is designed to display advertisements that primarily promote deceptive/malicious content.