Virus and Spyware Removal Guides, uninstall instructions

Atharvan RAT

What kind of malware is Atharvan?

Atharvan is the name of a Remote Access Trojan (RAT). The purpose of malware of this type is to give an attacker unauthorized access to a computer or device from a remote location. The attacker can then perform a variety of malicious activities, such as stealing passwords, deploying additional malware, and deleting or modifying files.

   
ChatGPT Malware

What is ChatGPT malware?

"ChatGPT malware" refers to malicious content distributed under the guise of ChatGPT (Chat Generative Pre-trained Transformer) – a chatbot developed by OpenAI. Since its inception in the autumn of 2022, ChatGPT has reached extreme popularity. At the time of writing, its user base has grown over 100 million. It is particularly prevalent that any enormously popular product/service is swiftly taken advantage of by cyber criminals and scammers alike.

Although ChatGPT is only available online (chat.openai.com), numerous fake desktop clients and mobile apps imitating this chatbot have been discovered. A variety of harmful and malicious software has been proliferated using "ChatGPT" as a disguise.

Additionally, OpenAI has released ChatGPT Plus – a paid premium service. This has opened the avenue for cyber criminals to offer "cracked" versions and create fake payment websites that target victims' financial information.

It must be emphasized that this fraudulent and dangerous content is in no way associated with either the actual ChatGPT or OpenAI.

   
World Lottery Email Scam

What kind of scam is "World Lottery" email scam?

We have inspected this email and learned that it is a lottery scam email. It is a type of fraud where scammers send emails to unsuspecting individuals, claiming that they have won a large sum of money in a lottery or sweepstakes. These emails typically instruct recipients to respond with personal information.

   
Snwkz Ransomware

What kind of malware is Snwkz?

Snwkz is ransomware that our team discovered while examining samples submitted to the VirusTotal website. The purpose of Snwkz is to encrypt files. Also, it creates a ransom note (a file named "[random_string]_HOW_TO_DECRYPT.txt") and renames files by appending a string of random characters and the ".snwkz" extension to filenames.

We found that Snwkz is part of the Hive ransomware family. An example of how it modifies filenames: it changes "1.jpg" to "1.jpg.5GidBrZG88lGZxe-YMbrNscpw4h9e6-NISHVchGL8Ov_qHLbTXn2TV00.snwkz", "2.png" to "2.png.5GidBrZG88lGZxe-YMbrNscpw4h9e6-NISHVchGL8Ov_qHLbTXn2TV00.snwkz", and so forth.

   
Search.tablicious.com Redirect

What is search.tablicious.com?

While investigating rogue software, we discovered the search.tablicious.com fake search engine. Such illegitimate websites usually cannot generate search results and redirect to genuine search engines; this is true of search.tablicious.com as well.

Sites of this kind are typically promoted (via redirects) by browser hijackers. Furthermore, fake search engines and the software endorsing them tend to spy on users' browsing activity.

   
Productprogramm2.com Ads

What kind of page is productprogramm2[.]com?

While investigating untrustworthy websites, our research team discovered the productprogramm2[.]com rogue page. It is designed to promote dubious/malicious software and browser notification spam. Furthermore, this webpage can redirect visitors to different (likely unreliable/dangerous) sites.

Users most commonly access pages like productprogramm2[.]com via redirects caused by websites that employ rogue advertising networks.

   
Roghe Ransomware

What is Roghe ransomware?

Roghe is the name of a ransomware-type program. Malware classed as ransomware operates by encrypting data in order to demand ransoms for its decryption.

After we executed a sample of Roghe on our test machine, we learned that it appends a ".enc" extension to the names of encrypted files. For example, a file originally named "1.jpg" appeared as "1.jpg.enc", "2.png" as "2.png.enc", and so on for all of the affected files.

Once this process was concluded, the ransomware changed the desktop wallpaper and displayed a pop-up window containing the ransom note.

   
Suspicious Login Attempt On Your Windows Computer Email Scam

What kind of email is "Suspicious Login Attempt On Your Windows Computer"?

After inspecting the "Suspicious Login Attempt On Your Windows Computer" email, we determined that it is spam operating as a technical support scam.

The letter is presented as an alert from Microsoft/Windows Security Center. It states that a suspicious sign-in attempt has been made to the recipient's computer. The fake email urges the recipient to call the provided helpline in order to address this threat.

   
Google (Chaos) Ransomware

What kind of malware is Google?

While analyzing malware samples submitted to the VirusTotal website, we discovered a ransomware variant dubbed Google. We found that Google ransomware belongs to the Chaos ransomware family. The purpose of this malware is to encrypt files. In addition to encrypting files, Google ransomware drops the "read_it.txt" file, a ransom note.

Also, it appends the ".google" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.google", "2.png" to "2.png.google", and so forth. It is important to note that the company Google is not associated with this ransomware.

   
Account Will Be Terminated Email Scam

What kind of email is "Account Will Be Terminated"?

Our analysis of the "Account Will Be Terminated" email revealed that it is spam. This fake letter claims that the recipient's email account will be closed unless it is upgraded.

When the user attempts to update their account, the link in the letter redirects them to a phishing website. This site mimics the recipient's email account sign-in page and records the entered credentials.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
