Virus and Spyware Removal Guides, uninstall instructions

What is the fake "Binance Megadrop" website?

After inspecting this "Binance Megadrop" website, we determined that it is a scam. It uses a fake airdrop as a lure to trick visitors into exposing their digital wallets to a cryptocurrency drainer. Victims of this scheme experience financial loss.

It must be emphasized that this hoax giveaway is in no way associated with Binance or any other legitimate platforms and entities.

What kind of page is yodste[.]com?

Yodste[.]com is the address of a rogue webpage. Our researchers discovered this page during a routine inspection of suspect sites. Yodste[.]com is designed to endorse browser notification spam and redirect visitors to different (likely unreliable/hazardous) websites. Most users enter webpages like yodste[.]com through redirects caused by sites utilizing rogue advertising networks.

What kind of page is websulads[.]top?

Our team has inspected websulads[.]top and found that this page uses clickbait to trick visitors into granting it permission to show notifications. Typically, web pages like websulads[.]top send unreliable notifications. Thus, websulads[.]top and similar sites should not be visited/trusted.

What kind of malware is Daolpu?

Daolpu is an information stealer targeting browsers. Cybercriminals behind Daolpu use techniques similar to the ones described in the CrowdStrike scam to deliver the malware. Users who suspect that their computers are infected with Daolpu should run a system scan as soon as possible to detect and eliminate the malware.

What kind of website is inboxmailzone.com?

Inboxmailzone.com is the address of a fake search engine promoted by InboxMailZone. This browser extension promises to provide instant access to emails. Instead, InboxMailZone modifies browser settings to endorse (via redirects) the inboxmailzone.com webpage.

Due to this behavior, this extension is classed as a browser hijacker. It is noteworthy that InboxMailZone could push other fraudulent search engines, and vice versa for inboxmailzone.com.

What kind of malware is OceanSpy?

OceanSpy is a ransomware variant based on Chaos. Our team discovered it while examining malware samples submitted to the VirusTotal platform. We learned that OceanSpy is designed to encrypt files and append an extension consisting of four random characters to their filenames. Also, OceanSpy changes the desktop wallpaper and creates a ransom note ("OceanCorp.txt").

An example of how OceanSpy modifies filenames: it renames "1.jpg" to "1.jpg.233v", "2.png" to "2.png.gptg", and so forth.

What kind of email is "Donation Of Crypto Funds"?

After investigating the "Donation Of Crypto Funds" email, we determined that it is fake. The letter details a request made by a gravely ill wealthy individual seeking aid with distributing their cryptocurrency assets to charities.

This mail lures recipients into visiting a phishing website that targets cryptowallet log-in credentials, with the scammers' goal being to steal digital assets from compromised wallets.

What kind of extension is Daily Weather New Tab?

Our analysis of dailyweathertab.com has shown that it is a fake search engine that does not generate results. This fake search engine is promoted via an extension classified as a browser hijacker. Users are advised against using dailyweathertab.com or extensions associated with such websites.

What kind of malware is ZILLA?

ZILLA is ransomware that we discovered during an examination of malware samples submitted to VirusTotal. Our research has shown that ZILLA is part of the Dharma family. Once in the system, ZILLA encrypts files, changes the names of all encrypted files, displays a pop-up (a ransom note), and creates a text file named "ZILLA-INFO.txt" (another ransom note).

This ransomware renames files by appending the victim's ID, filezilla@cock.li email address, and the ".ZILLA" extension. For example, it changes "1.jpg" to "1.jpg.id-9ECFA84E.[filezilla@cock.li].ZILLA", "2.png" to "2.png.id-9ECFA84E.[filezilla@cock.li].ZILLA", and so forth.

What kind of software is No More 404?

Our researchers discovered the No More 404 browser extension while investigating deceptive websites. It is promoted as a tool for avoiding HTTP errors and reviewing site performance data. Upon inspecting No More 404, we determined that it is advertising-supported software (adware).