Virus and Spyware Removal Guides, uninstall instructions

What kind of page is thepharmadds[.]com?

During our investigation of suspicious websites, we came across thepharmadds[.]com, which attempts to present misleading notifications to visitors. This website uses clickbait to convince users to grant permission to receive notifications from it. Thus, users are advised not to trust thepharmadds[.]com.

What kind of page is addinglobal[.]com?

During our investigation of addinglobal[.]com, we discovered that it is among the websites created to deceive visitors into consenting to receive notifications. These notifications can be bothersome and invasive, and in some cases, they may even carry malicious content. Typically, users open sites like addinglobal[.]com unintentionally.

What kind of software is Shampoo (ChromeLoader)?

Shampoo is the name of a browser extension, which is proliferated in the latest ChromeLoader malware campaign. This piece of software operates primarily as a browser hijacker, but it also has adware functionalities.

Shampoo is similar to the Ring browser hijacker, although the former is more sophisticated and uses multiple persistence-ensuring techniques.

What kind of malware is Bhgr?

While analyzing malware samples submitted to VirusTotal, we came across Bhgr, a member of the Djvu ransomware family. Bhgr encrypts files on the compromised system and appends the ".bhgr" extension to their filenames. Also, Bhgr generates a ransom note ("_readme.txt" file).

To illustrate the file renaming process, Bhgr would transform a file named "1.jpg" into "1.jpg.bhgr", "2.png" to "2.png.bhgr", etc. It is crucial to note that ransomware belonging to the Djvu family is often distributed alongside information stealers such as Vidar and RedLine.

What kind of page is getgadsgroup[.]com?

During our investigation of websites utilizing rogue advertising networks, we came across getgadsgroup[.]com, a site that employs a deceptive tactic to lure visitors into subscribing to notifications. It is important to note that users do not deliberately navigate to pages like getgadsgroup[.]com.

What kind of malware is BabyDuck?

BabyDuck is a ransomware-type program we discovered while examining new submissions to VirusTotal. This malicious program is based on Babuk ransomware.

On our testing system, a sample of BabyDuck encrypted files and appended their filenames with a ".babyduck" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.babyduck", "2.png" as "2.png.babyduck", etc. Afterwards, BabyDuck dropped a ransom note titled "ATTENTION!!!.txt" onto the desktop.

What kind of email is "New Webmail Version"?

After investigating the "New Webmail Version" email, we determined that it is spam. This letter encourages the recipient to switch their Webmail account to the latest version. The aim of this phishing mail is to obtain email account log-in credentials.

What kind of website is keywordssearching.com?

Keywordssearching.com is the address of a fake search engine. Websites of this kind are usually promoted (via redirects) by browser hijackers. This software modifies browser settings for this purpose. Furthermore, both illegitimate search engines and browser-hijacking software typically collect user data.

What kind of page is tapheshusurvey[.]space?

Upon investigating tapheshusurvey[.]space, we determined that it is an untrustworthy website that engages in survey scams. Additionally, tapheshusurvey[.]space wants to display notifications and redirects users to other websites. It is important to note that users do not intentionally visit pages like tapheshusurvey[.]space.

What kind of email is "You've Received A Secure File"?

After inspecting the "You've Received A Secure File" spam email, we determined that it operates as a phishing scam. The letter claims that the recipient was sent a protected document, which can only be accessed by providing their email account log-in credentials.