Virus and Spyware Removal Guides, uninstall instructions

What is Movieholic?

Movieholic is the name of a rogue browser extension that promises easy access to film streaming websites. After inspecting this piece of software, we determined that it operates as adware. In other words, Movieholic runs intrusive advertisement campaigns, and it has data tracking functionalities.

What kind of scam is "T-Mobile Customer Reward Program"?

After analyzing this scam, we learned that it is a survey scam designed to trick unsuspecting visitors into participating in a fake survey to win a prize. The page running this scam is disguised as the official T-Mobile page. Websites of this kind can never be trusted - no one ever receives any prizes after completing surveys.

What is Nino Colors?

While inspecting dubious download websites, our researchers discovered the Nino Colors rogue browser extension. It is promoted as a tool capable of changing webpage background colors. However, our analysis of this extension revealed that it operates as adware instead.

What kind of page is salletsilvully[.]com?

Salletsilvully[.]com is a deceptive website designed to trick visitors into allowing it to show notifications. Our team discovered it while inspecting other sites that use rogue advertising networks (various illegal streaming, torrent, adult, and similar sites). Another problem with Salletsilvully[.]com is that it can open other untrustworthy pages.

What kind of page is mscreviews[.]com?

Mscreviews[.]com is a rogue webpage that our researchers discovered while checking out dubious sites. This page promotes browser notification spam with the use of fake CAPTCHA verification. Additionally, it can redirect users to other (likely untrustworthy/dangerous) websites.

Most users enter mscreviews[.]com and similar webpages via redirects caused by sites using rogue advertising networks.

What kind of malware is AndreiHelp?

AndreiHelp is ransomware belonging to the Spora ransomware family. We discovered it while checking the VirusTotal page for recently submitted malware samples. The purpose of AndreiHelp ransomware is to encrypt files. In addition to encrypting files, it renames them and drops the "Read_Me!_.txt" file (a text file containing a ransom note) on the desktop.

AndreiHelp renames files by appending the victim's ID, andreihelp@cyberfear email address, and its extension (consisting of four random characters) to filenames. For example, it renames "1.jpg" to "1.jpg[ID=iskm5p-Mail=andreihelp@cyberfear.com].B2tb", "2.png" to "2.png[ID=iskm5p-Mail=andreihelp@cyberfear.com].B2tb", and so forth.

What is OutlookWade?

While inspecting new submissions to VirusTotal, our researchers found the OutlookWade application. After analyzing this app, we determined that it operates as adware and belongs to the AdLoad malware family.

What kind of page is advtreviews[.]com?

While examining advtreviews[.]com, our team found that it is one of the many untrustworthy pages designed to lure visitors into agreeing to receive notifications. Also, advtreviews[.]com can redirect visitors to another (virtually identical) website. We encountered this site while inspecting other pages (sites that use rogue advertising networks).

What is kind of email is "TrustWallet"?

After inspecting this "TrustWallet" email, we determined that it is spam that operates as a phishing scam. Letters of this spam campaign are presented as alerts regarding the imminent suspension of recipients' "TrustWallets" - to prevent which the log-in credentials have to be re-verified.

It must be emphasized that these emails are fake, and they are in no way associated with the real Trust Wallet cryptocurrency wallet.

What kind of malware is Qqri?

While analyzing malware samples submitted to VirusTotal, our team discovered ransomware belonging to the Djvu family called Qqri. It encrypts files and renames them by appending the ".qqri" extension to their filenames. Also, Qqri drops the "_readme.txt" file (a text file containing a ransom note).

An example of how qqri renames files: it changes "1.jpg" to "1.jpg.qqri", "2.png" to "2.png.qqri", "3.exe" to "3.exe.qqri", and so forth.