Virus and Spyware Removal Guides, uninstall instructions

McAfee - A Virus Has Been Found On Your PC! POP-UP Scam

What kind of scam is "McAfee - A Virus Has Been Found On Your PC!"?

While investigating suspicious websites, our research team discovered the "McAfee - A Virus Has Been Found On Your PC!" scam. This deceptive content is disguised as the McAfee anti-virus, and it must be stressed that the actual McAfee Corp. is not associated with this scheme.

"McAfee - A Virus Has Been Found On Your PC!" makes false claims regarding system infections. Typically, scams of this kind are used to promote untrustworthy and harmful software.

   
Tangem Ransomware

What is Tangem ransomware?

Tangem is a ransomware-type program discovered by our researchers during a routine investigation of new submissions to VirusTotal. This malicious program is part of the MedusaLocker ransomware family, and it is designed to encrypt data and demand ransoms for decryption.

On our test machine, Tangem encrypted files and appended a ".tangem" extension to their filenames. For example, a file originally named "1.jpg" appeared as "1.jpg.tangem", "2.png" as "2.png.tangem", etc.

After the encryption was completed, Tangem created a ransom note titled "How_to_back_files.html". Based on the message therein, it is evident that this ransomware targets companies rather than home users.

   
Domino Malware

What kind of malware is Domino?

Domino is a type of malware that cybercriminals have used since as early as late February 2023 to distribute either the Project Nemesis information stealer or Cobalt Strike. The perpetrators achieve their objectives using a Domino backdoor and loader. The Domino campaign is spread through various methods, such as phishing.

   
RTM Locker Ransomware

What kind of malware is RTM Locker?

RTM Locker (also known as Read The Manual Locker) is ransomware that encrypts files, changes the desktop wallpaper, drops the "How To Restore Your Files.txt" file containing a ransom note, and appends 64 random characters to the filenames of all encrypted files. It is known that RTM Locker is offered as Ransomware as a Service (RaaS).

An example of how RTM Locker renames files: it changes "1.jpg" to "1.jpg.4117E5B4E58CF57DBE56C6EC62D6A123F429A2F014D0F5C943A014D76126E96A", "2.png" to "2.png.24645DABEFE1F375A68DC87A394BBF5872AE166358EAE75B1A524EA9FDC92E5A", and so forth.

   
Chameleon Malware (Android)

What kind of malware is Chameleon?

Chameleon is the name of a trojan targeting Android Operating Systems (OSes). This malware is capable of stealing information (with a particular emphasis on banking data) and performing various other malicious activities.

Chameleon has been around since at least January 2023 and, at the time of writing, almost exclusively targets Australian and Polish users. This malicious program primarily infiltrates systems under the guise of legitimate browsers or cryptocurrency, banking, chatbot, and other apps.

   
Online Radio Adware

What kind of application is Online Radio?

Our team came across the Online Radio app on a dubious website; the app also has an official website. Upon evaluating the application, we determined that it is a browser extension that displays intrusive advertisements. Because of this behavior, we have categorized Online Radio as adware.

   
CrossLock Ransomware

What kind of malware is CrossLock?

While analyzing malware samples submitted to the VirusTotal site, our team discovered a ransomware variant dubbed CrossLock. The purpose of CrossLock is to block access to data by encrypting it. Also, CrossLock appends the ".crlk" extension to the filenames of all encrypted files and creates the "---CrossLock_readme_To_Decrypt---.txt" file (a ransom note).

An example of how CrossLock ransomware renames files: it changes "1.jpg" to "1.jpg.crlk", "2.png" to "2.png.crlk", and so forth.

   
Sports Sensei Browser Hijacker

What kind of application is Sports Sensei?

During our investigation of the Sports Sensei browser extension, our team discovered that it functions as a browser hijacker with the intent of promoting a fake search engine (sportsensei.info). It is common for users to download and install or add browser hijackers inadvertently. Sports Sensei and similar apps should not be trusted.

   
Stablepcprotection.com Ads

What kind of page is stablepcprotection[.]com?

Stablepcprotection[.]com is a rogue webpage that our researchers discovered while inspecting questionable sites. It is designed to run scams and push spam browser notifications. Furthermore, this page can redirect users to different (likely unreliable/malicious) websites.

Most visitors to webpages like stablepcprotection[.]com enter them through redirects caused by sites using rogue advertising networks.

   
SDK Ransomware

What is SDK ransomware?

While investigating new submissions to VirusTotal, our researchers discovered the SDK ransomware. This malicious program is part of the Phobos ransomware family.

After we executed a sample of SDK ransomware on our testing system, it encrypted files and altered their filenames. A unique ID assigned to the victim, the cyber criminals' email address, and a ".SDK" extension were appended to the original filenames. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3449].[sdk@africamail.com].SDK".

Once this process was completed, the ransomware created ransom notes in a pop-up window ("info.hta") and text file ("info.txt").

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
