Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Qore?

Our team came across Qore ransomware during our analysis of malware samples submitted to VirusTotal. Qore is part of the Djvu ransomware family. It encrypts files and adds the ".qore" extension to their filenames. This ransomware also creates a "_readme.txt" file containing payment and contact information.

It is common for Djvu ransomware to be distributed with information stealers like RedLine or Vidar, which steal sensitive data from infected computers before encrypting files. An example of how Qore renames files: it changes "1.jpg" to "1.jpg.qore", "2.png" to "2.png.qore", and so on.

What kind of malware is AuKill?

AuKill is the name of a malware designed to terminate security processes, thus prepping the compromised system for further infections.

This malicious software has been implemented in at least three attacks since January 2023. Twice AuKill was used preceding a Medusa Locker ransomware infection and once before Lockbit ransomware. However, AuKill could be used as part of an infection chain for various malicious programs.

What kind of malware is NodeStealer?

NodeStealer is a type of malware written in JavaScript and executed through Node.js. It is used by threat actors to steal browser cookies and login credentials, enabling them to hijack Gmail, Facebook, Outlook, and possibly other accounts. The malware was initially discovered in late January of 2023.

What kind of page is dispatchfeed[.]com?

Our research team discovered the dispatchfeed[.]com rogue page while investigating suspicious websites. It is designed to promote spam browser notifications and redirect visitors to other (likely unreliable/harmful) sites.

Users primarily enter webpages like dispatchfeed[.]com via redirects caused by sites that use rogue advertising networks, spam notifications, mistyped URLs, intrusive ads, or installed adware.

What kind of page is biserka[.]xyz?

Our team's investigation of biserka[.]xyz revealed it to be an untrustworthy website that uses deceptive tactics to persuade visitors into subscribing to notifications. These types of websites are often accessed unintentionally by visitors. Biserka[.]xyz came to our attention while inspecting other dubious pages.

What kind of page is reianter[.]com?

While investigating rogue webpages, our researchers discovered the reianter[.]com rogue site. It operates by pushing browser notification spam and redirecting visitors to other (likely untrustworthy/dangerous) websites. Most users enter pages like reianter[.]com via redirects caused by sites that use rogue advertising networks.

What kind of malware is FluHorse?

FluHorse is a dangerous Android malware that targets users in Eastern Asia. The malware is distributed through emails and uses several malicious apps that mimic legitimate ones, stealing credentials and 2FA codes. FluHorse has the ability to evade detection for extended periods.

What kind of page is pressrestraint[.]com?

Pressrestraint[.]com is a rogue page that our research team discovered while inspecting untrustworthy websites. This webpage promotes browser notification spam and redirects visitors to different (likely unreliable/malicious) sites.

Most users access pages like pressrestraint[.]com through redirects generated by websites that use rogue advertising networks.

What kind of email is "IMAP/POP Configuration Error"?

After inspecting the "IMAP/POP Configuration Error" email, we determined that it is spam. This letter falsely states that due to a configuration error, incoming messages have failed to reach the inbox. The goal of these claims is to trick recipients into attempting to restore their accounts through a phishing website that is designed to record entered log-in credentials.

What kind of page is vonsoocm[.]com?

During our investigation of websites that employ dubious advertising networks, we came across vonsoocm[.]com. This website displays deceptive content to deceive visitors into subscribing to its notifications. Moreover, vonsoocm[.]com redirects visitors to other sites.