Virus and Spyware Removal Guides, uninstall instructions

What kind of malware Atomic?

Atomic, also known as Atomic macOS Stealer (AMOS), is a malicious program targeting Mac OSes (Operating Systems). It is classified as a stealer – a type of malware that extracts and exfiltrates information from infected devices. At the time of writing, Atomic is actively sold on Telegram.

What kind of scam is "Sales Contract"?

Upon reviewing this letter, we have determined that it is a phishing email aimed at obtaining sensitive information from its recipients. The email includes an attachment that leads to a fraudulent website. It is disguised as a letter regarding a sales contract from the Sea Map Group.

What kind of page is fast-redirectus[.]xyz?

Fast-redirectus[.]xyz is the address of a rogue webpage that we discovered while inspecting untrustworthy sites. This page is designed to promote spam browser notifications and redirect users to other (likely dubious/malicious) websites.

Most visitors to webpages like fast-redirectus[.]xyz access them through redirects caused by sites that use rogue advertising networks.

What kind of malware is MgBot?

MgBot is a malware framework. It is capable of causing chain infections (i.e., downloading/installing additional malicious programs or components). Additionally, this framework supports multiple plug-ins that are geared toward data exfiltration.

MgBot has been used in an attack on an African telecommunications organization, and this activity is linked to the Daggerfly cybercrime group.

What kind of site is top-search.xyz?

Our examination has revealed that top-search.xyz is a fake search engine. Such search engines are usually promoted through browser hijackers, which users unknowingly install on computers or add to browsers as apps. As a result, the browser settings are modified without their knowledge or consent.

What kind of malware is Fleckpe?

Fleckpe is a recently discovered Android Trojan family found on Google Play, which secretly subscribes victims to paid services. This Trojan primarily affects users in Thailand. It has been active since the start of 2022 and is continuously updated with new capabilities.

What kind of page is oneettinlive[.]com?

While examining websites that utilize illegitimate advertising networks, our team found oneettinlive[.]com, an untrustworthy webpage that presents visitors with deceitful material to trick them into enabling browser notifications. Typically, users do not intentionally visit sites like oneettinlive[.]com.

What kind of application is Quick Close Tab?

While testing the Quick Close Tab extension, we found that it is supposed to close the current tab in a context menu but shows advertisements. Thus, we classified Quick Close Tab as adware. It is worth noting that our team discovered Quick Close Tab on a deceptive website.

What kind of malware is Foty?

During our examination of malware samples submitted to VirusTotal, we came across a ransomware variant belonging to the Djvu family, dubbed Foty. This ransomware encrypts files and adds the ".foty" extension to the filenames. Additionally, Foty also leaves a ransom note file called "_readme.txt".

As part of the Djvu ransomware family, Foty may be distributed alongside other malware like RedLine or Vidar, which are known to steal user information. An example of how Foty changes filenames: it renames "1.jpg" to "1.jpg.foty", "2.png" to "2.png.foty", and so forth.

What kind of page is nongloths[.]com?

Our research team discovered the nongloths[.]com rogue page while inspecting suspicious websites. It is designed to promote spam browser notifications and redirect users to different (likely unreliable/dangerous) sites. Users typically enter webpages like nongloths[.]com through redirects caused by sites that employ rogue advertising networks.