Virus and Spyware Removal Guides, uninstall instructions

What is Muldrop?

Muldrop trojan - refers to a type of malware that drops multiple malicious programs onto infected devices. These droppers tend to cause extensive chain infections, which could potentially overload the system to the point of failure. Trojans of this kind can infect devices with just about any type of malware - hence, the threats posed by their infections are extensive.

It is pertinent to mention that Muldrop trojans are commonly distributed through fake "cracked" software download websites.

What kind of malware is TMS5?

TMS5 is ransomware that encrypts files and modifies their filenames and creates the "!TMS5_INFO!.rtf" file that contains a ransom note. TMS5 is part of the Matrix ransomware family. Our team discovered this ransomware variant while inspecting malware samples submitted to the VirusTotal page.

TMS5 renames files by replacing their names with an email address, a string of random characters and appending the ".TMS5" extension to them (e.g., it would rename a file named "1.jpg" to "[TomSoyer5@protonmail.com].0RS11z4v-rGxLrEjN.TMS5").

What kind of application is GeneralOperation?

GeneralOperation is the name of an application we discovered while inspecting a fake installed downloaded from a deceptive web page. We learned that the purpose of GeneralOperation is to display intrusive advertisements. Thus, we classified GeneralOperation as adware. In most cases, users install adware inadvertently.

What kind of application is Search-Mgr?

While examining the Search-Mgr browser extension, we found that it functions as a browser hijacker: it changes certain browser's settings to searchmgr.online. It forces users to browse the Internet using a shady search engine. It is worth mentioning that browser hijackers usually are promoted and distributed using questionable methods.

What kind of page is pcprimedefense[.]com?

Our research team discovered the pcprimedefense[.]com rogue webpage while inspecting untrustworthy websites. The page promotes scams and spam browser notifications. Additionally, it is capable of redirecting uses to other (likely unreliable/hazardous) sites.

Most visitors to pcprimedefense[.]com and pages akin to it - enter them via redirects caused by websites using rogue advertising networks.

What kind of page is protectsoftware[.]xyz?

Protectsoftware[.]xyz is a rogue webpage that we discovered while investigating suspicious sites. This page promotes online scams ("You've visited illegal infected website"), pushes spam browser notifications, and redirects visitors to different (likely untrustworthy/harmful) webpages.

Users typically enter pages like protectsoftware[.]xyz via others that use rogue advertising networks.

What is Tick Tab Clock?

While inspecting rogue websites, our research team found the Tick Tab Clock browser extension. It is presented as a tool that provides aid with time keeping/managing. However, our analysis determined that Tick Tab Clock operates as a browser hijacker. This extension changes browser settings in order to promote the search.ticktabclock.net illegitimate search engine.

What is ConnectedField?

We discovered the ConnectedField application during a routine inspection of new submissions to VirusTotal. On our test system, this app ran intrusive ad campaigns, and due to this behavior - it is considered to be adware. Additionally, ConnectedField belongs to the AdLoad malware family.

What kind of email is "BRITISH CAMELOT ONLINE LOTTERY"?

After inspecting the "BRITISH CAMELOT ONLINE LOTTERY" email, we determined that it is spam operating as a phishing scam. It targets personally identifiable information by claiming that it must be provided to claim the lottery prize that the recipient has won.

It must be emphasized that these claims are false, and this spam mail is in no way associated with the Camelot Group, EuroMillions, or any other legitimate entities.

What kind of page is pushycaptcha[.]live?

Our team examined pushycaptcha[.]live and learned that it displays a deceptive message to lure visitors into agreeing to receive notifications. Additionally, pushycaptcha[.]live redirects to scam websites. We discovered pushycaptcha[.]live while inspecting websites that use rogue advertising networks.