Virus and Spyware Removal Guides, uninstall instructions

What kind of page is protectionservicespc[.]site?

During the examination of protectionservicespc[.]site, we found that it uses fraudulent marketing to promote antivirus software. This page shows deceptive (fake) messages to trick visitors into believing that their computers are infected and purchasing antivirus subscriptions. Also, protectionservicespc[.]site wants to show notifications.

What kind of page is steadycaptcha[.]live?

During a routine inspection of suspicious websites, our research team discovered the steadycaptcha[.]live rogue page. It promotes browser notification spam and redirects visitors elsewhere (likely untrustworthy/harmful) webpages.

Users typically enter steadycaptcha[.]live and sites akin to it - via redirects caused by websites that use rogue advertising networks.

What kind of malware is CryptBIT 2.0?

CryptBIT 2.0 is a new variant of CryptBIT ransomware. We discovered it while examining samples submitted to VirusTotal. CryptBIT 2.0 encrypts files, appends ".cryptbit" extension to filenames, changes the desktop wallpaper, and drops the "CryptBIT2.0-restore-files.txt" file. The text file dropped by CryptBIT 2.0 contains a ransom note.

An example of how CryptBIT 2.0 renames files: it changes "1.jpg" to "1.jpg.cryptbit", "2.png" to "2.png.cryptbit", and so forth.

What is "FIFA Crypto Giveaway"?

While inspecting sites that use rogue advertising networks, our research team discovered the "FIFA Crypto Giveaway" scam. It is presented as a giveaway held by FIFA, in which users are to contribute a certain amount of either Bitcoin (BTC) or Ethereum (ETH) cryptocurrency to the "event" and immediately receive twice their contribution back.

Naturally, victims of this scam will get nothing in return, and they will only lose the sum they have transferred. It must be emphasized that FIFA is in no way associated with this scheme.

What kind of email is "Your Organization Needs More Information To Keep Your Account Secure"?

Our inspection of the "Your Organization Needs More Information To Keep Your Account Secure" email revealed that it is spam that operates as a phishing scam. These letters target the log-in credentials of recipients' email accounts by offering the latest tech and security innovations.

What kind of malware is Tcbu?

Tcbu is the name of the Djvu ransomware variant that our team discovered while checking the VirusTotal page for recently submitted malware samples. We learned that Tcbu encrypts files, appends ".tcbu" extension to filenames, and drops the "_readme.txt" file (a ransom note).

An example of how Tcbu renames files: it renames "1.jpg" to "1.jpg.tcbu", "2.png" to "2.png.tcbu", and so forth. It is known that Djvu ransomware is often distributed alongside RedLine, Vidar, and other information stealers.

What kind of malware is Tcvp?

Tcvp is a Djvu ransomware variant that encrypts files, appends the ".tcvp" extension to filenames, and drops the "_readme.txt" file. Our malware researchers discovered Tcvp ransomware while examining samples submitted to VirusTotal. Djvu ransomware is often distributed with information-stealing malware such as Vidar and RedLine.

An example of how Tcvp modifies filenames: it changes "1.jpg" to "1.jpg.tcvp", "2.png" to "2.png.tcvp", and so forth.

What is KEYSTEAL?

KEYSTEAL is the name of a trojan targeting macOS Keychain data. This malware arrives onto systems as a trojanized app called ResignTool. Due to how sensitive the information stored on the Mac Keychain can be - this malware poses significant threats to user privacy.

What kind of page is secureyourdatabase[.]live?

While checking out dubious websites, our researchers found the secureyourdatabase[.]live page. It promotes scams, pushes browser notification spam, and redirects visitors to different (likely unreliable/harmful) sites.

Most visitors enter webpages like secureyourdatabase[.]live through redirects caused by websites using rogue advertising networks.

What kind of page is quickpcscanner[.]com?

Quickpcscanner[.]com is a rogue webpage discovered by our research team during a routine inspection of dubious websites. It is designed to promote scams and spam browser notifications. Furthermore, quickpcscanner[.]com can redirect visitors to other (likely unreliable/dangerous) sites.

Webpages of this kind are typically accessed through redirects caused by sites that use rogue advertising networks.