Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "Retirement Funds"?

After inspecting the "Retirement Funds" email, we determined that it is spam operating as a phishing scam. This letter is disguised as a notification from Principal regarding recipients' retirement funds.

It must be emphasized that this email is fake, and it is in no way associated with Principal Financial Group – a global financial investment management and insurance company. This spam mail aims to steal recipients' Principal account log-in credentials through a phishing website.

What kind of email is "Mailbox Quota Exceeded"?

"Mailbox Quota Exceeded" is a phishing spam campaign. We inspected two email variants belonging to this campaign. Both versions inform recipients that their email account storage quota has been exceeded and needs to be increased.

When attempts are made to update the account, users get redirected to a phishing website disguised as an email sign-in page.

What kind of page is mypcdefenderplus[.]site?

We have examined mypcdefenderplus[.]site and found that this is a deceptive page running the "McAfee - Your PC is infected with 5 viruses!" scam. We also noticed that mypcdefenderplus[.]site wants to send notifications. Our team discovered this site while inspecting pages that use rogue advertising networks.

What kind of page is lilustriousdates[.]net?

Our research team found the lilustriousdates[.]net rogue page while investigating untrustworthy websites. It is designed to promote dubious content and spam browser notifications. Furthermore, this webpage can redirect visitors elsewhere (likely unreliable/malicious sites).

Most users access pages like lilustriousdates[.]net via redirects caused by websites that use rogue advertising networks.

What kind of malware is KEEPCALM?

KEEPCALM is ransomware that we have discovered during an analysis of malware samples submitted to the VirusTotal site. The purpose of KEEPCALM is to encrypt files. Also, it creates the "ReadMe.txt" file (a ransom note) and modifies filenames (appends the victim's ID, josealen@tutanota.com email address, and ".KEEPCALM" extension to filenames).

An example of how KEEPCALM renames files: it changes "1.jpg" to "1.jpg-+Id(91264586) mail(josealen@tutanota.com).KEEPCALM", "2.png" to "2.png-+Id(91264586) mail(josealen@tutanota.com).KEEPCALM", and so forth.

What is "IGP Legal" email virus?

We have determined that this email is fraudulent and has been written by cybercriminals with the intent of tricking the recipients into infecting their computers. This email is disguised as a letter from IPG Legal, claiming that it has a long overdue invoice attached to it. The purpose of the email is to entice recipients into infecting their computers.

What kind of page is captchaforcaptcha[.]top?

Captchaforcaptcha[.]top is a rogue webpage that we discovered while checking out suspicious websites. At the time of research, this page had two appearance variants – both designed to promote spam browser notifications. Furthermore, captchaforcaptcha[.]top can redirect visitors to other (likely untrustworthy/harmful) sites.

Users typically enter webpages like captchaforcaptcha[.]top through redirects caused by sites that use rogue advertising networks.

What kind of application is ResultProtocol?

During our investigation of various deceptive web pages (e.g., those offering updates for supposedly outdated software), our team discovered a questionable application called ResultProtocol. Upon installation, ResultProtocol began displaying unwanted advertisements, leading us to classify this app as adware.

What is Alice ransomware?

Our researchers found the Alice ransomware while investigating new malware submissions to VirusTotal. Malicious programs within this classification operate by encrypting data and demanding payment for decryption.

After we executed a sample of Alice on our test machine, it encrypted files and appended their filenames with a ".alice" extension. To elaborate, a file originally titled "1.jpg" appeared as "1.jpg.alice", "2.png" as "2.png.alice", and so on for all of the compromised files.

Once the encryption process was completed, a text file named "How To Restore Your Files.txt" was created. This file contains the ransom-demanding message in Russian.

What kind of application is Files Downloader Expert?

Files Downloader Expert is an application that our team discovered on a suspicious website, though the app also has an official site. Upon testing the application, we discovered that it is a browser extension that displays intrusive advertisements. Due to this behavior, we have classified Files Downloader Expert as adware.