Virus and Spyware Removal Guides, uninstall instructions
What is PremiumContinental?
PremiumContinental is an adware-type application that our research team discovered while inspecting new submissions to VirusTotal. It runs intrusive advertisement campaigns (displays ads) and likely collects private data. Additionally, PremiumContinental is part of the AdLoad malware family.
What kind of email is "Renewing The Domain"?
After inspecting the "Renewing The Domain" email, we determined that it is spam. The letter claims that a domain owned by the recipient is being renewed and that, unless the email is backed up, disruptions in the mail service and data loss may occur. This email urges recipients to back up their email by following the provided link, which redirects to a phishing website that targets email account log-in credentials.
What is Mega Colors?
Our research team discovered the Mega Colors browser extension while inspecting questionable software-promoting webpages. This extension is endorsed as a tool capable of changing website background colors. Our analysis of Mega Colors revealed that it operates as advertising-supported software (adware) instead.
What is HIP1 ransomware?
HIP1 is a ransomware-type program that our researchers discovered while inspecting new submissions to VirusTotal. This malicious program belongs to the VoidCrypt ransomware family.
When we launched a sample of HIP1 on our test system, it encrypted files and appended their filenames with a unique ID, the cyber criminals' email address, and a ".HIP1" extension. For example, a file titled "1.jpg" appeared as "1.jpg[ID=J7rtO3-Mail=FreedomTeam@mail.ee].HIP1", etc. Afterward, this ransomware created a ransom note named "Read_Me!_.txt".
What is LevelNight?
During a routine investigation of new submissions to VirusTotal, our researchers discovered the LevelNight rogue application. After analyzing this app, we determined that it works as advertising-supported software (adware). Furthermore, it is noteworthy that LevelNight is part of the AdLoad malware family.
What is "Google Docs email scam"?
"Google Docs email scam" refers to scam campaigns that contain phishing attachments claiming to allow access to securely-stored files on Google Docs. The documents attached to these scam letters promote phishing websites, which typically target email account log-in credentials.
The invoice-related fake "Focke & Co" email (image below) is an example of "Google Docs email scam".
What kind of page is mytopwords[.]com?
While inspecting untrustworthy sites, our research team found the mytopwords[.]com rogue webpage. It is designed to deceive visitors into enabling spam browser notification delivery. Additionally, this site can lead users to other (likely unreliable/hazardous) websites.
Pages like mytopwords[.]com are typically accessed via redirects caused by websites that use rogue advertising networks.
What is "UltraViewer Tech Support Scam"?
"UltraViewer Tech Support Scam" refers to technical support scams facilitated through the use of the UltraViewer application.
UltraViewer is legitimate remote access software that allows users to connect to and control systems over a distance. Tech support scammers rely on such programs to gain access to and control over their victims' devices. It must be stressed that the developers of this software are not associated with scams; cyber criminals abuse these apps for their own malicious goals.
Technical support scams are promoted on deceptive websites, and they typically involve claims about users' devices being infected but recoverable by calling "expert technicians", "technical support", etc.
What is Video Downloader?
Video Downloader is a rogue browser extension that promises to allow users to download videos from popular platforms. Our researchers discovered this piece of software while inspecting dubious download webpages. After analyzing the Video Downloader extension, we determined that it is adware.
What is Lavasky ransomware?
Our researchers discovered the Lavasky malicious program, which is classified as ransomware, while investigating new submissions to VirusTotal. Additionally, it is pertinent to mention that Lavasky is part of the VoidCrypt ransomware family.
Once we executed a sample of this ransomware on our testing system, it encrypted data and altered filenames. The original file titles were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".lavasky" extension. For example, a file named "1.jpg" appeared as "1.jpg.(CW-MX8607321954)(blackpirate@cock.li).lavasky".
After the encryption process was completed, Lavasky dropped a text file titled "unlock-info.txt". The message within was the ransom note.