Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is SoumniBot?

SoumniBot is an Android-specific malware. It utilizes sophisticated anti-analysis and anti-detection techniques. This malicious program is designed to exfiltrate sensitive data from devices, with a particular focus on banking-related information. SoumniBot has been observed being leveraged in attacks targeting clients of Korean online banks.

What kind of scam is "McAfee Safety Warning"?

During our examination of the website, we discovered a scam operation hosted on it. This scam is crafted to deceive visitors by presenting them with what appears to be a safety warning from a reputable security company. Such warnings are designed to instill a sense of urgency and fear, coercing visitors into taking immediate action.

What kind of malware is ClipWallet?

ClipWallet is a clipper-type malware that targets multiple operating systems, including macOS, Windows, and Linux/Unix. This malicious program is written in the Go programming language.

ClipWallet is designed to reroute outgoing cryptocurrency transactions by replacing digital wallet addresses. This malware has been observed being injected into devices by a fake CloudChat app.

What kind of software is "Page-error.com official extension"?

Our research team discovered the "Page-error.com official extension" while investigating a Torrenting site that utilizes rogue advertising networks. This software is endorsed as a tool for solving web errors and providing alternatives when a sought website is down.

However, the rogue browser extension promotes the page-error.com fake search engine instead. This software also spies on users' browsing activity.

What kind of application is MagnaEngine?

During our inspection of the MagnaEngine browser extension, we found that it operates as a browser hijacker. This extension hijacks a browser by changing its settings. The purpose of MagnaEngine is to promote a fake search engine. Also, MagnaEngine enables the "Managed by your organization" feature.

What kind of malware is IRIS?

While inspecting new submissions to the VirusTotal platform, our research team discovered a malicious program named IRIS. It is based on the Chaos ransomware. IRIS encrypts files and demands payment for their decryption.

On our testing system, this ransomware locked files and appended their filenames with an extension comprising four random characters. For example, a file titled "1.jpg" appeared as "1.jpg.582m", "2.png" as "2.png.2n02", and so on for all of the encrypted files. Once this process was finished, IRIS changed the desktop wallpaper and dropped a ransom note titled "read_it.txt".

What kind of scam is the fake blockdag[.]services site?

After thoroughly examining the website (blockdag[.]services), we have confirmed it to be a fraudulent imitation of the official BlockDAG Network website. The creators of this deceptive page intend to steal digital assets (cryptocurrency) from unsuspecting victims. Consequently, it is strongly advised to refrain from visiting this site.

What kind of malware is Rincrypt 2.0?

During our inspection, we discovered that Rincrypt 2.0 is ransomware based on Chaos ransomware. We discovered Rincrypt 2.0 while inspecting malware samples submitted to VirusTotal. This ransomware appends four random characters to the names of encrypted files, changes the desktop wallpaper, and creates the "READ THIS.txt" file (a ransom note).

An example of how Rincrypt 2.0 renames files: it changes "1.jpg" to "1.jpg.e49f", "2.png" to "2.png.fwyt", and so forth.

What kind of scam is "Claim Ethena"?

"Claim Ethena" is a scam presented as the official Ethena website. Users are lured into "connecting" their digital wallets by a promise of being able to claim the ENA (Ethena) cryptocurrency. Instead, the scheme triggers a crypto drainer that can steal funds out of exposed wallets.

What kind of application is Total Audio Formatter?

Our researchers discovered the Total Audio Formatter app while investigating a P2P sharing (Torrenting) site that uses rogue advertising networks. It is a Potentially Unwanted Application (PUA).

Software within this classification often has harmful capabilities. Additionally, installers like the one carrying Total Audio Formatter commonly include multiple pieces of unwanted or malicious software.