Virus and Spyware Removal Guides, uninstall instructions

What is "DHL Statement Of Account" email virus?

After examining this letter, we concluded that it is a fake letter from DHL - a legitimate logistics company providing courier, package delivery, and express mail service. Cybercriminals behind this email aim to trick recipients into infecting their computers with malware via the attached archive file.

What kind of malware is Valyria?

Valyria is a detection name used by many security vendors. Files of various formats, including (but not limited to) malicious Microsoft Office documents, VBS, JavaScript, EXE, and others – can be detected as "Valyria".

Typically, this detection indicates that the file is a dropper. These types of files are designed to infect devices with malicious software. Most often, droppers inject high-risk malware into devices, but they may infiltrate harmful content like adware as well.

What kind of email is "Payment Via ATM Visa Card Will Be Shipped"?

After inspecting the "Payment Via ATM Visa Card Will Be Shipped" email, we determined that it is spam. This fake letter is presented as a missive from the "Executive Office of the President United States American" (mistyped the same in the original) and even the 46th president of the USA – Joe Biden himself.

The email claims that the recipient will be sent an ATM card with over thirty million USD on it – as part of a compensation fund.

It must be emphasized that all these claims are false, and they are not associated with any real individuals or entities. This phishing email aims to extract sensitive information from recipients and potentially trick them into sending money to scammers.

What kind of malware is DrWeb?

DrWeb is ransomware belonging to the Xorist family. Our malware researchers discovered DrWeb during an analysis of malware samples submitted to the VirusTotal website. DrWeb encrypts files, appends the ".DrWeb" extension to filenames, displays an error pop-up window and creates the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" file (a ransom note).

An example of how DrWeb modifies filenames: it changes "1.jpg" to "1.jpg.DrWeb", "2.png" to "2.png.DrWeb", and so forth.

What is "Webmail Password Expired"?

We have inspected this email and determined that it is a fake letter from an email service provider. Scammers behind this email aim to lure unsuspecting recipients into providing personal information on a phishing page. Recipients of this (or any similar) email should not open the provided site and provide any information.

What is "Download pro"?

While investigating suspicious websites, we found the Download pro browser extension. It is promoted as a tool that aids with the management of download histories. However, our analysis of Download pro revealed that it operates as adware.

What is finderflash.club?

Our researchers discovered finderflash.club while investigating rogue software. This website is classed as a fake search engine, and it is incapable of generating search results.

Typically, sites of this kind are promoted (through redirects) by browser hijackers. Illegitimate search engines and the software endorsing them usually collect sensitive user information as well.

What kind of email is "Trunk Box Delivery"?

After inspecting the "Trunk Box Delivery" email, we determined that it is spam. This phishing letter states that the recipient will receive an exorbitant sum of money after they pay a fee and reconfirm their personal information.

It must be emphasized that all the claims made by the "Trunk Box Delivery" email are false and intended to trick recipients into transferring money to the scammers as well as their disclosing personally identifiable details.

What is cancelnotifications.com?

Cancelnotifications.com is the URL of a fake search engine. Websites classed as such are typically incapable of generating search results and tend to redirect to legitimate search engines. Cancelnotifications.com is not an exception. These sites are promoted (through redirects) by browser hijackers. Illegitimate search engines and the software endorsing them usually collect sensitive user data.

What kind of malware is RootFinder?

RootFinder is an information stealer written using the .NET platform. It steals information from Windows operating systems and sends stolen data to attackers via Telegram. RootFinder is sold for $50. Cybercriminals promote this stealer on hacker forums.