Virus and Spyware Removal Guides, uninstall instructions

What kind of page is webfreshupdater[.]com?

Webfreshupdater[.]com is a rogue webpage that our researchers discovered while investigating suspicious sites. It promotes browser notification spam and redirects visitors to different (likely untrustworthy or malicious) websites. Users typically access pages akin to webfreshupdater[.]com through redirects caused by sites that use rogue advertising networks.

What kind of email is "Your Password Is About To Expire Tomorrow"?

After checking out the "Your Password Is About To Expire Tomorrow" email, we determined that it is spam. Letters belonging to this campaign operate as phishing scams targeting email account log-in credentials. These fake message urge recipients to avoid their password expiration and redirect to a website disguised as their email account sign-in page.

What is ComedyTab?

During a routine investigation of websites that use rogue advertising networks, our research team found a page endorsing the ComedyTab browser extension. It promises to display jokes from famous comedians on every new browser tab. However, our analysis revealed that in addition to working as advertised, ComedyTab operates as a browser hijacker. This extension alters browser settings and causes redirects.

What kind of email is "Verify Your Email Address"?

We inspected the "Verify Your Email Address" email and determined that it is spam. The letter states that the recipient's email account must be verified for security purposes. This spam mail operates as a phishing scam and aims to steal email passwords by promoting a fake sign-in webpage.

What kind of scam is "Microsoft Services Agreement Update"?

While studying this email, we learned that it is written by scammers who aim to trick unsuspecting recipients into providing sensitive information. It is disguised as a letter from an email service provider and contains a link to a phishing website. This email should be marked as spam and deleted (ignored).

What is an Injector trojan?

Injector trojan refers to a type of malware designed to inject malicious code into programs and processes. The application of these trojans varies; they may be capable of changing the operation of legitimate software or causing chain infections (i.e., downloading/installing additional malware). Due to the variety of uses these malicious programs can have, the dangers associated with these infections are especially broad.

What kind of page is captchafine[.]live?

While examining captchafine[.]live, we discovered that it uses a clickbait technique (displays a deceptive message) to lure visitors into allowing it to show notifications. Also, captchafine[.]live redirects to scam websites. This page has at least two variants. We discovered captchafine[.]live while inspecting other shady pages.

What kind of email is "NATURALISTS"?

After inspecting the "NATURALISTS" email - we determined that it is spam operating as a phishing scam. This letter targets recipients' email account log-in credentials (passwords) by claiming that they must sign in to access the shared file.

What kind of application is Landscape Scroller?

While investigating the Landscape Scroller browser extension, we found that it changed the web browser's settings. It hijacked a web browser to promote search.landscapescroller.net - a fake search engine. Our team discovered Landscape Scroller on a deceptive web page.

What kind of malware is Kcvp?

Kcvp is ransomware belonging to the Djvu family. We discovered this Djvu variant while examining malware samples submitted to the VirusTotal page. Kcvp encrypts files, appends the ".kcvp" extension to filenames, and drops the "_readme.txt" file (a ransom note). It is known that Djvu ransomware is often distributed alongside information-stealing malware such as Vidar and RedLine.

An example of how Kcvp changes filenames: it renames "1.jpg" to "1.jpg.kcvp", "2.png" to "2.png.kcvp", and so forth.