Virus and Spyware Removal Guides, uninstall instructions

Daily Quarantined Message Report Email Scam

What kind of email is "Daily Quarantined Message Report"?

Our analysis of the "Daily Quarantined Message Report" email revealed that it is spam. Letters belonging to this campaign are presented as genuine reports concerning recipients' inboxes. This spam mail aims to steal email accounts by promoting a phishing website.

   
Annual Leave Email Virus

What is "Annual Leave" email virus?

Our malware researchers examined this email and found that it is used by cybercriminals who aim to trick recipients into infecting their computers with FormBook malware. The email itself is disguised as a letter regarding some payment terms. It has a PDF document attached to it that downloads an ISO file that contains malware.

   
NULLTHEGAME Ransomware

What kind of malware is NULLTHEGAME?

NULLTHEGAME is ransomware based on the Chaos ransomware. We discovered it while inspecting malware samples submitted to VirusTotal. NULLTHEGAME encrypts files, appends the ".NULL" extension to filenames, changes the desktop wallpaper and drops a ransom note (the "read_it.txt" file).

An example of how NULLTHEGAME renames files: it changes "1.jpg" to "1.jpg.NULL", "2.png" to "2.png.NULL", and so forth.

   
Winsafe.xyz Ads

What kind of website is winsafe[.]xyz?

While examining winsafe[.]xyz, our team found that this page uses a clickbait technique to lure visitors into agreeing to receive notifications. We also learned that winsafe[.]xyz has at least two designs. We discovered winsafe[.]xyz while inspecting websites that use rogue advertising networks.

   
lUUUUUUUUU Ransomware

What is lUUUUUUUUU ransomware?

lUUUUUUUUU is the name of a ransomware-type program that our researchers discovered while inspecting new submissions to VirusTotal. This malicious program is part of the Xorist ransomware family.

After being launched on our testing system, this ransomware encrypted files and appended the filenames with a ".lUUUUUUUUU" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.lUUUUUUUUU", "2.png" as "2.png.lUUUUUUUUU", etc.

Once the encryption process was completed, lUUUUUUUUU ransomware displayed a pop-up window and created a text file titled "HOW TO DECRYPT FILES.txt". The pop-up and text file contain identical ransom notes.

   
Cryptonite (.cryptn8) Ransomware

What is Cryptonite (.cryptn8) ransomware?

Cryptonite (.cryptn8) is a ransomware designed to encrypt data and demand payment for the decryption. As reported by Fortinet, this is a customizable version of ransomware that is available for free, which is uncommon.

Malware of this type usually appends the encrypted files with an extension, and ".cryptn8" appears to be the default - however, there are indications that the attackers can change it. Additionally, the cyber criminals using Cryptonite (.cryptn8) ransomware can alter relevant data that makes it operational, i.e., ransom amount, cryptocurrency wallet address (into which the payment is to be made), and contact information.

The sample of Cryptonite that we executed on our testing system appended the encrypted files with ".cryptn8", e.g., a file titled "1.jpg" appeared as "1.jpg.cryptn8", "2.png" as "2.png.cryptn8", etc. During the encryption process, this ransomware displayed a fake update screen. Afterward, it created a pop-up containing the ransom note.

   
RAXNET Stealer

What is RAXNET?

RAXNET is a malicious program that operates as a clipper. Malware within this classification can replace clipboard data. RAXNET specifically targets copied cryptocurrency wallet addresses and replaces them with those belonging to the attackers. The purpose of this malware is to steal cryptocurrency.

   
Patriot Stealer

What is the Patriot stealer?

Patriot is the name of a malicious program that operates as a stealer. Despite being described as an "educational" tool in its promotional material, this program is sold on the Web and has functionalities designed for malicious use.

Patriot is capable of stealing a wide variety of information, including various account log-in credentials, credit card numbers, and so on.

   
Incoming Messages ERROR Notification Email Scam

What kind of email is "Incoming Messages ERROR Notification"?

After analyzing the "Incoming Messages ERROR Notification" email, we determined that it is spam operating as a phishing scam. This mail claims that an error had occurred on the recipient's email account and prevented messages from researching the inbox. To release the nonexistent letters - the recipient is instructed to press a link that redirects to a phishing website targeting email account log-in credentials.

   
Google - Qatar World Cup Lottery Email Scam

What is "Google - Qatar World Cup Lottery"?

We examined this email and learned that it is generated by crooks who seek to trick recipients into believing that they have won a lottery. This letter is a hoax (a lottery scam). People who fall for such scams never receive any money or other prizes. Thus, this email should be ignored/deleted.

   

Page 401 of 2105

<< Start < Prev 401 402 403 404 405 406 407 408 409 410 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal