Virus and Spyware Removal Guides, uninstall instructions

What kind of application is TokenCollective?

During the testing phase of the TokenCollective application, our team noticed that it exhibits invasive ads. Consequently, we categorized TokenCollective as adware. Adware is typically promoted and disseminated through dubious means, often leading to unintended downloads and installations by users.

What is CryptoTorLocker ransomware?

Our research team discovered CryptoTorLocker while investigating new malware submissions to VirusTotal. This malicious program is a variant of the CryptoLocker ransomware. Software within the ransomware classification encrypts data and demands payment for its decryption.

After we executed a sample of CryptoTorLocker on our test machine, it encrypted files and appended their filenames with a ".CryptoTorLocker2015!" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.CryptoTorLocker2015!", "2.png" as "2.png.CryptoTorLocker2015!", etc.

Once this process was completed, the ransomware created identical ransom notes in a pop-up window, desktop wallpaper, and a text file named "HOW TO DECRYPT FILES.txt".

What kind of page is lntriguingdate[.]com?

Lntriguingdate[.]com is a rogue page that we discovered while checking out untrustworthy websites. It is designed to load dubious content and promote browser notification spam. Furthermore, this webpage can redirect visitors to other (likely dubious/malicious) sites.

Most users access pages like lntriguingdate[.]com through redirects caused by websites that use rogue advertising networks.

What is searchontec.com?

Our team has examined searchontec.com and learned that it is a shady search engine that may provide questionable search results. Another issue with search engines of this kind is that a big part of them is promoted via browser hijackers. It is common for browser-hijacking apps to be promoted and distributed in deceptive ways.

What is Quick access to Chat GPT?

Quick access to Chat GPT is the name of a fake Chrome extension designed to steal Facebook accounts. Although most of the targeted accounts are used for business/advertising, regular users are also at risk. It is being advertised on Facebook-sponsored posts as a tool allowing users to quickly access ChatGPT directly from their browser. Although the extension provides access to Chat GPT, it also collects various data from browsers.

What is "DHL Statement Of Account" email virus?

After examining this letter, we concluded that it is a fake letter from DHL - a legitimate logistics company providing courier, package delivery, and express mail service. Cybercriminals behind this email aim to trick recipients into infecting their computers with malware via the attached archive file.

What kind of malware is Valyria?

Valyria is a detection name used by many security vendors. Files of various formats, including (but not limited to) malicious Microsoft Office documents, VBS, JavaScript, EXE, and others – can be detected as "Valyria".

Typically, this detection indicates that the file is a dropper. These types of files are designed to infect devices with malicious software. Most often, droppers inject high-risk malware into devices, but they may infiltrate harmful content like adware as well.

What kind of email is "Payment Via ATM Visa Card Will Be Shipped"?

After inspecting the "Payment Via ATM Visa Card Will Be Shipped" email, we determined that it is spam. This fake letter is presented as a missive from the "Executive Office of the President United States American" (mistyped the same in the original) and even the 46th president of the USA – Joe Biden himself.

The email claims that the recipient will be sent an ATM card with over thirty million USD on it – as part of a compensation fund.

It must be emphasized that all these claims are false, and they are not associated with any real individuals or entities. This phishing email aims to extract sensitive information from recipients and potentially trick them into sending money to scammers.

What kind of malware is DrWeb?

DrWeb is ransomware belonging to the Xorist family. Our malware researchers discovered DrWeb during an analysis of malware samples submitted to the VirusTotal website. DrWeb encrypts files, appends the ".DrWeb" extension to filenames, displays an error pop-up window and creates the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" file (a ransom note).

An example of how DrWeb modifies filenames: it changes "1.jpg" to "1.jpg.DrWeb", "2.png" to "2.png.DrWeb", and so forth.

What is "Webmail Password Expired"?

We have inspected this email and determined that it is a fake letter from an email service provider. Scammers behind this email aim to lure unsuspecting recipients into providing personal information on a phishing page. Recipients of this (or any similar) email should not open the provided site and provide any information.