Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "Pending Messages On Our Remote Server"?

Our inspection of the "Pending Messages On Our Remote Server" email revealed that it operates as a phishing scam. This letter seeks to obtain the recipient's email account log-in credentials by making false claims about messages failing to reach their inbox.

What kind of application is ModemMaterial?

ModemMaterial is the name of an application our team discovered after downloading and using a fake installer for the Adobe Flash Player. While testing ModemMaterial, we learned that it generates intrusive advertisements. Software that shows unwanted advertisements is called adware.

What kind of malware is Unique?

Unique is ransomware that makes files inaccessible by encrypting them, modifies their filenames, and generates two ransom notes ("info.txt" and "info.hta" files). Unique is part of the Phobos ransomware family. We discovered it on VirusTotal (while checking this page for recently submitted malware samples).

Unique renames files by appending the victim's ID, uniqueproject@xsmail.com email address, and ".unique" extension. For example, it renames "1.jpg" to "1.jpg.id[9ECFA84E-3379].[uniqueproject@xsmail.com].unique", "2.png" to "2.png.id[9ECFA84E-3379].[uniqueproject@xsmail.com].unique", and so forth.

What kind of page is wnprt[.]club?

While inspecting wnprt[.]club, our team learned that it has two purposes: to trick visitors into believing that their computers are infected (and purchasing antivirus software) and allowing it to show notifications. It runs the "McAfee - Your PC is infected with 5 viruses!" scam.

We discovered wnprt[.]club while examining pages that use rogue advertising networks (open shady pages and display deceptive ads).

What kind of page is analysissoftwarecentr[.]com?

Our researchers discovered the analysissoftwarecentr[.]com rogue webpage during a routine inspection of questionable websites. This page is designed to promote scams, push spam browser notifications, and redirects visitors to other (likely untrustworthy/malicious) sites.

Users typically access analysissoftwarecentr[.]com and similar webpages through redirects caused by sites that employ rogue advertising networks.

What is RankBet?

Our research team discovered the RankBet rogue app while inspecting new submissions to VirusTotal. After installing this piece of software onto our test system, we learned that it operates as adware. It is noteworthy that RankBet belongs to the AdLoad malware family.

What is S.O.V.A.?

S.O.V.A. is the name of a banking trojan targeting Android devices. As its classification implies, this malware seeks to obtain baking and finance-related data. However, this trojan has a wide variety of functionalities and can be used to cause varied problems.

What is MMXXII ransomware?

While inspecting new submissions to VirusTotal, our research team discovered the MMXXII ransomware. This malicious program is part of the Phobos ransomware family.

After executing a sample of MMXXII on our test system, it began encrypting files and altering their filenames. The titles of the affected files were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".MMXXII" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3378].[casecrosu@eml.cc].MMXXII".

Once this process was finished, ransom-demanding messages created/displayed in a pop-up window ("info.hta") and text file ("info.txt").

What kind of malware is CapraRAT?

CapraRAT is the name of an Android remote access trojan (RAT), possibly a modified version of another (open-source) RAT called AndroRAT. It is known that CapraRAT is used by an advanced persistent threat group (ATP) called APT36 (also known as Earth Karkaddan). CapraRAT allows attackers to perform certain actions on the infected Android device.

What kind of page is ourhugenews[.]com?

Ourhugenews[.]com is a rogue webpage discovered by our researchers during a routine investigation of suspicious sites. This page promotes browser notification spam and redirects visitors to other (likely unreliable/dangerous) websites. Users typically access such pages via redirects caused by sites using rogue advertising networks.