Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Servidoracessobanco?

Servidoracessobanco is ransomware that belongs to a ransomware family called Amnesia. Our malware researchers discovered it while examining samples submitted to VirusTotal. The purpose of Servidoracessobanco ransomware is to encrypt files (keep them inaccessible until they are decrypted).

Additionally, it replaces filenames with a string of random characters (and appends the ".servidoracessobanco" extension to filenames) Also, it creates the "Hello.txt" file (a ransom note). An example of how Servidoracessobanco renames files: it changes "1.jpg" to "=nw3lXgPo1ARY4.servidoracessobanco", "2.png" to "sapWiTyXp0tPguY.servidoracessobanco", and so forth.

What kind of email is "Password Is Scheduled To Expire"?

"Password Is Scheduled To Expire" is yet another spam email. After inspecting this letter, we determined that it operates as a phishing scam.

This fake message notifies the recipient that their email account password is about to expire and requires immediate action (i.e., reconfirming the old password) to avoid undesirable consequences. By trusting this email - users will unintentionally expose their email accounts to scammers.

What kind of malware is Eeyu?

While inspecting malware samples submitted to the VirusTotal page, we discovered ransomware (which is part of the Djvu family) called Eeyu. It encrypts files and appends its extension to filenames. For example, Eeyu renames "1.jpg" to "1.jpg.eeyu", "2.png" to "2.png.eeyu", etc. Also, it drops the "_readme.txt" file containing a ransom note.

What kind of malware is Gnik?

Gnik is ransomware belonging to the Dharma family. Our team discovered this ransomware while inspecting malware samples submitted to VirusTotal. We found that Gnik prevents victims from accessing their files by encrypting them. It also modifies filenames and provides two ransom notes.

Gnik displays a pop-up window and generates a text file ("info.txt") containing ransom notes. An example of how Gnik renames files: it changes "1.jpg" to "1.jpg.id-9ECFA84E.[king2022@msgden.com].gnik", "2.png" to "2.png.id-9ECFA84E.[king2022@msgden.com].gnik". It appends the victim's ID, email address, and the ".gnik" extension to filenames.

What is DisLight?

DisLight is a rogue browser extension that our researchers discovered while inspecting dubious software-promoting websites. This extension promises to enable dark mode for simple design webpages. Instead, it operates as advertising-supported software (adware).

What is CoolADSBlockSearch?

CoolADSBlockSearch is a rogue browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker. CoolADSBlockSearch modifies browser settings to promote the cooladsblocksearch.com fake search engine.

What kind of email is "DHL Express - CONFIDENTIALITY NOTICE"?

Our inspection of the "DHL Express - CONFIDENTIALITY NOTICE" email uncovered that it is spam. This mail operates as a phishing scam. The letter is presented as a confidential message that recipients can access by providing their email account credentials.

It must be emphasized that these emails are fake, and they are not associated with the DHL logistics company.

What kind of page is protect-data-2022[.]xyz?

Our researchers discovered the protect-data-2022[.]xyz rogue site while investigating suspicious webpages. This page operates by promoting scams, pushing browser notification spam, and redirecting visitors to other (likely unreliable/malicious) websites.

Most users access pages like protect-data-2022[.]xyz through redirects caused by webpages that use rogue advertising networks, misspelled URLs, intrusive ads, spam notifications, or installed adware.

What kind of application is ClickDark?

After testing the ClickDark application, our team learned that it shows annoying advertisements. Therefore, we classified ClickDark as adware. We discovered this app while examining deceptive websites offering/instructing us to download supposedly useful (or required) browser extensions.

What is Scam ransomware?

While inspecting new submissions to VirusTotal, our research team discovered a ransomware-type program called Scam. It is yet another one based on the Chaos ransomware.

On our test machine, the Scam ransomware encrypted files and appended their filenames with a ".scam" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.scam", "2.png" as "2.png.scam", and so on for all of the affected files.

After the encryption process was finished, this ransomware changed the desktop wallpaper and created a text file named "read_it.txt". The wallpaper and file contained ransom notes.