Virus and Spyware Removal Guides, uninstall instructions

What is Baro box?

While inspecting dubious software promoting websites, our researchers discovered one endorsing the Baro box browser extension. Our analysis of this extension revealed that it operates as a browser hijacker - changes browser settings to cause redirects to the barosearch.com fake search engine. Baro box also spies on users' browsing activity.

What kind of page is takeekatthree[.]xyz?

Our researchers discovered the takeekatthree[.]xyz rogue page during a routine investigation into untrustworthy websites. This webpage promotes online scams, pushes spam browser notifications, and redirects visitors' to different (likely unreliable/dangerous) sites.

Users typically enter takeekatthree[.]xyz and similar webpages through redirects caused by websites that use rogue advertising networks.

What is Images downloader?

While inspecting questionable software-promoting websites, our research team discovered Images downloader. This rogue browser extension promises to improve and simplify image downloading. However, our analysis revealed that Images downloader operates as adware instead.

What is VantageAdvisor?

VantageAdvisor is a piece of rogue software that our research team discovered while looking through new submissions to VirusTotal. It is yet another adware-type app belonging to the AdLoad malware family.

What is TelevisionReproduce?

Our researchers discovered the TelevisionReproduce rogue application. After analyzing this piece of software, we determined that it operates as adware. This app enables the placement of advertisements on various interfaces. Additionally, it is noteworthy that TelevisionReproduce is part of the AdLoad malware family.

What is HYPERSCRAPE?

HYPERSCRAPE is a malicious program designed to steal sensitive information. This malware aims explicitly to steal user data from email and personal information management accounts. There is evidence linking HYPERSCRAPE with Charming Kitten - an Iranian government-backed espionage group.

What is Loplup ransomware?

While inspecting new submissions to VirusTotal, our researchers discovered the Loplup ransomware-type program, which is part of the ZEPPELIN ransomware family.

Once we executed a sample of Loplup on our test machine, it encrypted files and appended their filenames with a ".loplup.[victim's_ID]" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.loplup.312-A1A-FD7". Afterwards, a ransom note - "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT" - was created.

What kind of page is ylcufr[.]com?

During a routine investigation of untrustworthy sites, our researchers discovered the ylcufr[.]com rogue webpage. This page promotes browser notification spam with the use of deception. Furthermore, it can redirect visitors to other sites, which are likely dubious or malicious.

Most users enter ylcufr[.]com and websites akin to it via redirects caused by pages that use rogue advertising networks.

What kind of page is news-xebipi[.]com?

News-xebipi[.]com is the address of a rogue webpage that our researcher team discovered while inspecting suspicious websites. It is designed to push spam browser notifications and redirect visitors to other (likely untrustworthy or malicious) sites.

Users typically access pages like news-xebipi[.]com through redirects caused by websites using rogue advertising networks.

What is Escanor (Esca)?

Escanor, also known as Esca, is a Remote Access Trojan (RAT). Malware of this kind operates by enabling remote access and control over infected devices. RATs tend to be highly multifunctional and pose a wide range of threats. Escanor (Esca) is a cross-platform malware that targets both Windows and Android Operating Systems (OSes).

Significant Escanor (Esca) RAT activity has been noted in the Middle East, North America, Central America, and South-East Asia.