Virus and Spyware Removal Guides, uninstall instructions

What kind of application is CommonBoost?

Our analysis reveals that CommonBoost behaves like typical adware, flooding users with intrusive ads that can lead to scams and other online dangers. Additionally, several security vendors have flagged CommonBoost as malicious. Thus, users should avoid installing this app and remove it if it is already present.

What kind of scam is "Norton - This Mac Is Infected With Viruses"?

Our researchers discovered the "Norton - This Mac Is Infected With Viruses" scam during a routine investigation of suspicious websites. It warns users that their Mac is infected and urges them to remove the threats.

It must be emphasized that the claims made by this scam are false, and it is in no way associated with the actual Norton AntiVirus.

What is "VAT Refund" scam?

Our team has inspected the email and found that it is disguised as a message regarding a VAT (Value Added Tax) refund. It is crafted by scammers who aim to steal personal information from recipients. Emails of this type are classified as phishing emails. They should be ignored to avoid potential consequences.

What kind of malware is Destiny Stealer?

Destiny Stealer is an info-stealing malware targeting Discord, web browsers, cryptocurrency wallets, and various files. Cybercriminals can exploit the stolen information for various malicious purposes, such as identity theft, financial fraud, and unauthorized account access. Victims are advised to run a system scan to remove the malware as soon as possible.

What kind of malware is LCRYPTX?

LCRYPTX is a ransomware-type program discovered by our researchers during a routine inspection of file submissions to the VirusTotal website. Ransomware is a type of malware that encrypts data and demands payment for the decryption.

On our testing system, LCRYPTX encrypted files and appended their filenames with a ".lcryx" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.lcryx", "2.png" as "2.png.lcryx", etc. Afterward, a ransom note – "READMEPLEASE.txt" – is dropped.

What kind of scam is "Cleaner Update For Android Is Recommended"?

While investigating suspicious websites, our researchers discovered the "Cleaner Update For Android Is Recommended" scam that targets Android users. It claims that the operation of users' smartphones may be significantly diminished if they do not download/install the recommended software. It must be emphasized that the information in this scam is false, and a legitimate entity has not provided it.

What kind of page is moreadsfeed[.]top?

We have examined moreadsfeed[.]top and learned that it uses clickbait (a deceptive method) to trick visitors into permitting it to show notifications. Once this permission is granted, moreadsfeed[.]top can deliver notifications containing fake warnings and other misleading messages. Therefore, users should not trust moreadsfeed[.]top and avoid visiting it.

What kind of malware is V?

Our team has inspected V (ransomware belonging to the Dharma family) and found that it encrypts files and appends the victim's ID, an email address, and the ".V" extension to files. It also displays a ransom note (a pop-up message) and creates a text file, "info.txt". Our discovery of V ransomware occurred while analyzing malware samples submitted to VirusTotal.

An example of how files encrypted by V are changed: "1.jpg" is renamed to "1.jpg.id-9ECFA84E.[vijurytos@tuta.io].V", "2.png" to "2.png.id-9ECFA84E.[vijurytos@tuta.io].V", and so forth.

What kind of page is loadpremiumapp[.]monster?

During our inspection of loadpremiumapp[.]monster, we found that it is used to distribute unwanted and potentially malicious applications (similar to Tiaow VApp, Woiap WApp, Kowi SApp, Disoaq App, and other apps). The site also requests permission to show notifications, which it can use to promote scams and other online threats.

What kind of scam is "Your Norton Subscription Is Out Of Date"?

We have inspected the site and found that it is a scam page designed to trick visitors into believing that they must take immediate action to protect their computers. Typically, users get tricked into opening such sites, or they are redirected to them through other web pages of this kind. This and similar sites should be ignored and closed if encountered.