Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is DARKKUR?

DARKKUR is the name of a ransomware-type program. Malware within this category is designed to encrypt data and demand payment for its decryption. DARKKUR appends the filenames of encrypted files with a unique ID assigned to the victim, the cyber criminals' email address, and an extension.

The extension differs depending on the ransomware's variant; observed ones include – ".timecrystal1", ".DARKKUR1", and ".DarkCrypt". For example, on our test machine, the ".timecrystal1" variant renamed a file titled "1.jpg" as "1.jpg.[AE3419DE[TimeCrystal@zohomail.eu].timecrystal1".

After the encryption process is completed, DARKKUR creates/displays ransom notes – a pop-up window ("info.hta") and text file ("ReadMe.txt").

What kind of malware is PindOS?

PindOS is a malware written in JavaScript. It is designed to cause chain infections and has been observed being used to infiltrate Bumblebee and IcedID malicious programs into compromised systems. There is tenuous evidence suggesting that the threat actors behind PindOS malware are Russian.

What kind of page is captchawave[.]top?

While checking out questionable sites, our researchers discovered the captchawave[.]top rogue webpage. Its goal is to deceive visitors into permitting it to deliver browser notification spam. Additionally, this page can cause redirects to other (likely untrustworthy/dangerous) websites.

Most visitors to captchawave[.]top and similar webpages enter them via redirects caused by sites using rogue advertising networks.

What kind of application is NetworkImagine?

NetworkImagine is a rogue app that we discovered while investigating new submissions to VirusTotal. Our examination of this application revealed that it operates as adware and that it is part of the AdLoad malware family.

What kind of page is easylifescan[.]com?

Easylifescan[.]com is the address of a rogue webpage designed to promote online scams and spam browser notifications. At the time of research, it ran the "You've visited illegal infected website" scam. Additionally, this page can redirect users to different (likely unreliable/dangerous) sites.

Most visitors to easylifescan[.]com and similar webpages access them via redirects generated by websites employing rogue advertising networks. Our research team discovered easylifescan[.]com while investigating sites that use said networks.

What kind of page is arrowtoldilim[.]com?

We have examined arrowtoldilim[.]com and found that the purpose of this page is to deceive visitors into allowing it to send notifications. Arrowtoldilim[.]com aims to achieve that by displaying a deceptive message and other elements. Additionally, arrowtoldilim[.]com redirects users to similar websites.

What kind of email is "Apple Mobile Promo Draw"?

After examining the "Apple Mobile Promo Draw" spam email, we determined that it operates as a phishing scam. This campaign targets personally identifiable information, which is coaxed out of recipients through false claims concerning a prize of 750 thousand USD that they have supposedly won.

What kind of email is "American Express Security Team"?

After inspecting the "American Express Security Team" email, we determined that it is fake. This spam letter is presented as a notification regarding a declined cardless purchase. The goal is to trick the recipient into providing their account credentials into a phishing file. It must be emphasized that this email is in no way associated with the actual American Express Company.

What is "Boxes Of Money"?

After careful analysis, we have determined that the email in question is a scam. The purpose of this fraudulent message is to deceive recipients into providing personal information or making financial transactions to scammers. It is strongly recommended that recipients ignore and delete this email to avoid falling victim to the scam.

What kind of malware is TUGA?

TUGA is ransomware that encrypts files, appends its extension (".TUGA") to filenames, and leaves a ransom note ("README.txt"). Our team discovered TUGA while examining malware samples submitted to the VirusTotal website. An example of how TUGA renames files: it changes "1.jpg" to "2.jpg.TUGA", "2.png" to "2.png.TUGA", and so forth.