Virus and Spyware Removal Guides, uninstall instructions

Topreqdusa.com Ads

What kind of page is topreqdusa[.]com?

Topreqdusa[.]com is a rogue site that we discovered while investigating untrustworthy websites. This page is designed to promote browser notification spam and – at the time of research – did so by employing fake CAPTCHA verification. The webpage in question can also redirect users to different (likely unreliable/dangerous) sites.

Visitors to topreqdusa[.]com and pages akin to it – access them primarily via redirects caused by websites that use rogue advertising networks.

   
Topadvastudio.com Ads

What kind of page is topadvastudio[.]com?

While inspecting questionable sites, our researchers discovered the topadvastudio[.]com rogue pages. This webpage is designed to push spam browser notifications. Furthermore, it can redirect visitors to different (likely untrustworthy/hazardous) websites.

Most users enter sites like topadvastudio[.]com via redirects caused by pages that use rogue advertising networks.

   
Mikel Ransomware

What is Mikel ransomware?

Mikel is a variant of the Proxima ransomware. Malware within this classification is designed to encrypt data and demand payment.

When we executed a sample of Mikel ransomware on our test machine, it encrypted files and appended their filenames with a ".mikel" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.mikel", "2.png" as "2.png.mikel", etc. Afterwards, a ransom note – "Mikel_Help.txt" – was created.

   
Odestech.com Ads

What kind of page is odestech[.]com?

Odestech[.]com is a website that presents misleading messages to entice visitors into consenting to receive notifications. Typically, users arrive at these pages inadvertently. Our team found odestech[.]com while inspecting pages that use questionable advertising networks.

   
Proxima Ransomware

What is Proxima ransomware?

Proxima is the name of a ransomware-type program. It is designed to encrypt data for the purpose of making ransom demands for decryption.

After we executed a sample of Proxima on our test machine, it encrypted files and appended their filenames with a ".proxima" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.proxima", "2.png" as "2.png.proxima", and so forth.

Once this process was finished, the ransomware dropped a ransom-demanding message – "Proxima_Readme.txt" – onto the desktop.

   
Intesa Sanpaolo Email Scam

What kind of scam is "Intesa Sanpaolo" email scam?

We have inspected this letter and determined that it is a phishing email. Scammers behind it pose as a legitimate banking company (Intesa Sanpaolo). Their goal is to lure recipients into providing login information on a fake web page. Recipients should ignore this letter.

   
DarkBit Ransomware

What is DarkBit ransomware?

DarkBit is a ransomware we discovered while investigating new malware submissions to VirusTotal. It operates by encrypting data and demanding ransoms for decryption.

Once we launched a sample of DarkBit on our testing system, it began encrypting files and altering their filenames. Affected files were renamed with a random character string and the ".Darkbit" extension. To elaborate, a file initially titled "1.jpg" appeared as "3oDWq7Fp1676362581.Darkbit", "2.png" appeared as "QV3xwMP11676362581.Darkbit", and so on.

After the encryption process was finished, this ransomware created a ransom note named "RECOVERY_DARKBIT.txt" and dropped it onto the desktop.

   
Pdb Ransomware

What kind of malware is Pdb?

While checking the VirusTotal site for recently submitted malware samples, our team discovered a ransomware strain dubbed Pdb. This ransomware encrypts data, appends the ".pdb" extension to filenames, and drops the "pdb.txt" file that contains a ransom note.

An example of how Pdb ransomware renames files: it changes "1.jpg" to "1.jpg.pdb", "2.doc" to "2.doc.pdb", and so forth.

   
Blockedvideos.xyz Ads

What kind of page is blockedvideos[.]xyz?

Blockedvideos[.]xyz is a rogue page we discovered while inspecting dubious websites. It operates by promoting browser notification spam and redirecting visitors to different (likely untrustworthy/harmful) sites.

Most users access pages like blockedvideos[.]xyz through redirects caused by webpages that use rogue advertising networks. However, they may also be entered via misspelled URLs, spam notifications, intrusive ads, or installed adware.

   
Pay (VoidCrypt) Ransomware

What kind of malware is Pay?

While analyzing malware samples submitted to VirusTotal, our team discovered a ransomware strain dubbed Pay. We found that Pay is part of the VoidCrypt ransomware family. It encrypts files, appends the paydecryption@gmail.com email address, victim's ID, and ".pay" extension to filenames, and drops a ransom note (a file named "").

An example of how Pay modifies filenames: it renames "1.jpg" to "1.jpg.[PayDecryption@gmail.com][MJ-HR8357129406].pay", "2.png" to "2.png.[PayDecryption@gmail.com][MJ-HR8357129406].pay", and so forth.

   

Page 342 of 2105

<< Start < Prev 341 342 343 344 345 346 347 348 349 350 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal