Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is CryptBIT 2.0?

CryptBIT 2.0 is a new variant of CryptBIT ransomware. We discovered it while examining samples submitted to VirusTotal. CryptBIT 2.0 encrypts files, appends ".cryptbit" extension to filenames, changes the desktop wallpaper, and drops the "CryptBIT2.0-restore-files.txt" file. The text file dropped by CryptBIT 2.0 contains a ransom note.

An example of how CryptBIT 2.0 renames files: it changes "1.jpg" to "1.jpg.cryptbit", "2.png" to "2.png.cryptbit", and so forth.

What is "FIFA Crypto Giveaway"?

While inspecting sites that use rogue advertising networks, our research team discovered the "FIFA Crypto Giveaway" scam. It is presented as a giveaway held by FIFA, in which users are to contribute a certain amount of either Bitcoin (BTC) or Ethereum (ETH) cryptocurrency to the "event" and immediately receive twice their contribution back.

Naturally, victims of this scam will get nothing in return, and they will only lose the sum they have transferred. It must be emphasized that FIFA is in no way associated with this scheme.

What kind of email is "Your Organization Needs More Information To Keep Your Account Secure"?

Our inspection of the "Your Organization Needs More Information To Keep Your Account Secure" email revealed that it is spam that operates as a phishing scam. These letters target the log-in credentials of recipients' email accounts by offering the latest tech and security innovations.

What kind of malware is Tcbu?

Tcbu is the name of the Djvu ransomware variant that our team discovered while checking the VirusTotal page for recently submitted malware samples. We learned that Tcbu encrypts files, appends ".tcbu" extension to filenames, and drops the "_readme.txt" file (a ransom note).

An example of how Tcbu renames files: it renames "1.jpg" to "1.jpg.tcbu", "2.png" to "2.png.tcbu", and so forth. It is known that Djvu ransomware is often distributed alongside RedLine, Vidar, and other information stealers.

What kind of malware is Tcvp?

Tcvp is a Djvu ransomware variant that encrypts files, appends the ".tcvp" extension to filenames, and drops the "_readme.txt" file. Our malware researchers discovered Tcvp ransomware while examining samples submitted to VirusTotal. Djvu ransomware is often distributed with information-stealing malware such as Vidar and RedLine.

An example of how Tcvp modifies filenames: it changes "1.jpg" to "1.jpg.tcvp", "2.png" to "2.png.tcvp", and so forth.

What is KEYSTEAL?

KEYSTEAL is the name of a trojan targeting macOS Keychain data. This malware arrives onto systems as a trojanized app called ResignTool. Due to how sensitive the information stored on the Mac Keychain can be - this malware poses significant threats to user privacy.

What kind of page is secureyourdatabase[.]live?

While checking out dubious websites, our researchers found the secureyourdatabase[.]live page. It promotes scams, pushes browser notification spam, and redirects visitors to different (likely unreliable/harmful) sites.

Most visitors enter webpages like secureyourdatabase[.]live through redirects caused by websites using rogue advertising networks.

What kind of page is quickpcscanner[.]com?

Quickpcscanner[.]com is a rogue webpage discovered by our research team during a routine inspection of dubious websites. It is designed to promote scams and spam browser notifications. Furthermore, quickpcscanner[.]com can redirect visitors to other (likely unreliable/dangerous) sites.

Webpages of this kind are typically accessed through redirects caused by sites that use rogue advertising networks.

What is Cyber Shield?

While inspecting deceptive websites, we found a scam page stating that there is an "Important Update for Chrome" - from it, we downloaded and thus discovered the Cyber Shield browser extension. This piece of software claims to be a tool that improves online personal data security. However, our analysis revealed that Cyber Shield operates as adware instead.

What is Canadian (RRansom) ransomware?

Canadian (RRansom) is a malicious program classified as ransomware. It is designed to encrypt data and demand ransoms for the decryption tools.

After we executed a sample of this ransomware on our test system, it encrypted files and appended their filenames with a ".canadian" extension. To elaborate, a file originally named "1.jpg" appeared as "1.jpg.canadian", "2.png" as "2.png.canadian", and so forth.

Once the encryption process was concluded, a text file - "DECRYPT YOUR FILES.txt" - was dropped onto the desktop.