Virus and Spyware Removal Guides, uninstall instructions

What kind of page is atedmonastyd[.]xyz?

During our investigation of atedmonastyd[.]xyz, we uncovered that the website employs a clickbait technique to entice visitors into subscribing to its notifications. Additionally, atedmonastyd[.]xyz redirects users to other unreliable websites. Consequently, it is strongly recommended to refrain from accessing atedmonastyd[.]xyz.

What kind of email is "American Express Credit/Refund Adjustment Message"?

Our examination of the "American Express Credit/Refund Adjustment Message" email revealed that it is a phishing scam targeting account credentials. The letter makes false claims regarding a refund – to receive which the recipient must verify their account ownership via the attached file. The attachment is a phishing file designed to record entered information.

What kind of page is disjuncove[.]com?

While checking out suspect websites, our research team found the disjuncove[.]com rogue page. It is designed to endorse browser notification spam and redirect visitors to other (likely dubious/dangerous) sites.

Users typically enter disjuncove[.]com and similar webpages through redirects generated by websites that employ rogue advertising networks.

What kind of application is NanoService?

We discovered the NanoService rogue app while investigating new submissions to the VirusTotal website. Our analysis revealed that this application operates as adware and that it is part of the AdLoad malware family.

What kind of email is "DHL Express Notification"?

After examining this "DHL Express Notification" email, we determined that it is spam. This fake letter claims that the recipient has pending actions regarding their package. It must be emphasized that this scam email is in no way associated with the actual DHL logistics company.

What kind of application is MyToDo?

After our examination, we have concluded that the MyToDo application operates as a browser extension designed to hijack web browsers. Its primary objective is to take control of browser settings and enforce a deceptive search engine known as mylistodo.com. Moreover, MyToDo possesses the capability to access specific data, thereby raising concerns regarding privacy and security.

What kind of scam is "Asian Continental Lottery"?

Upon reviewing the email, it has come to our attention that it originates from a fraudulent individual (or individuals) seeking to deceive recipients into believing they have been awarded a substantial amount of money. The ultimate objective is to obtain sensitive information and (or) solicit funds. It is strongly advised to disregard and promptly delete such emails.

What kind of application is VersionTrust?

Upon reviewing the VersionTrust application, we have found that it exhibits intrusive advertisements. Such applications are categorized as adware or advertising-supported applications. It is not uncommon for users to unintentionally install adware without being fully aware of its presence or the consequences it may entail.

What kind of page is qpsh[.]online?

While examining qpsh[.]online, our team discovered that this page uses clickbait to lure visitors into agreeing to receive its notifications. Also, qpsh[.]online can redirect users to other untrustworthy websites. Thus, it is highly advisable to avoid visiting qpsh[.]online.

What kind of malware is Merdoor?

Merdoor is a backdoor-type malicious program. Software of this kind is designed to open a "backdoor" for malware and malicious components into compromised systems.

The threat actor behind Merdoor is dubbed Lancefly. This malware has been around since at least 2018. It has been observed being used in highly targeted attacks involving low numbers of infected devices. The activity centers South and Southeast Asian entities operating in the governmental, education, aviation, and telecommunication spheres. Lancyfly's goal appears to be gathering intelligence.