Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is the Iranian banking trojan?

Iranian banking trojan refers to an Android-specific malware targeting the customers of multiple Iranian banks. The first campaigns involving this trojan were observed back in December of 2022. While having undergone several iterations, these campaigns are still active as of the time of writing.

The initial volley comprised 40 malicious apps used as a guise for this trojan, but this operation has expanded to another 250. The primary goal of this malware is to obtain banking-related information, yet the newest variants have broadened their horizons to include cryptocurrency wallets.

What kind of application is AdminLibrary?

Our research team discovered the AdminLibrary rogue app while investigating new submissions to the VirusTotal website. Upon inspection, we identified this application as adware belonging to the AdLoad malware family. AdminLibrary operates by running intrusive advertisement campaigns.

What kind of email is "Your Encrypted Voice Message"?

After reviewing the "Your Encrypted Voice Message" email, we determined that it is spam. Presented as a notification regarding received voicemails, this phishing letter aims to trick recipients into disclosing their email account log-in credentials.

What kind of scam is "Firewall Update Required"?

Our researchers discovered the "Firewall Update Required" scam during a routine inspection of deceptive websites. Upon investigation, we determined that this is a technical support scam. It falsely claims that the user's device is infected due to outdated Windows firewall security.

The goal is to deceive victims into contacting fake tech support and luring them into an elaborate scheme that can result in a variety of incredibly severe issues.

What kind of application is Aves?

In the course of our review, it has been identified that Aves is a malicious browser extension capable of taking control of a web browser and gathering various information. The discovery of Aves took place when analyzing a malicious installer acquired from a deceptive website.

What is Maersk Line phishing campaign?

Upon examination, it has been established that this email is a fraudulent message sent by scammers posing as Maersk Line, a reputable shipping company. Scammers behind this email aim to trick unsuspecting recipients into opening the presented link and providing personal information. Emails of this nature are known as phishing emails.

What kind of malware is LEAKDB?

While investigating new submissions to VirusTotal, our research team discovered another ransomware from the Phobos family called LEAKDB. Malware within this classification encrypts data and demands payment for its decryption.

On our test machine, LEAKDB ransomware encrypted files and altered their titles. Original filenames were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".LEAKDB" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3143].[pcsupport@skiff.com].LEAKDB".

After the encryption process was concluded, ransom notes were created in a pop-up window ("info.hta") and text file ("info.txt"), which were dropped into every encrypted directory and on the desktop. Based on the messages therein, it is evident that LEAKDB targets companies rather than home users.

What kind of program is SpaceRaces?

Upon close inspection, the outcome of our examination is that SpaceRaces is a potentially harmful application distributed via a malicious installer. SpaceRaces is installed concurrently with numerous other undesired components. This software has been observed operating in the Task Manager under the guise of "Volume - advanced Windows volume control".

What kind of application is FoundryIntelligence?

Upon our examination, it has become apparent that FoundryIntelligence is an advertising-supported application that displays annoying advertisements. Typically, users install apps like FoundryIntelligence on their computers without fully understanding what issues these apps can cause.

What kind of malware is Jazi?

Jazi, identified through the examination of samples submitted to VirusTotal, operates as ransomware upon infiltrating a system. Upon infiltration, it encrypts files, appends the ".jazi" extension to filenames, and leaves behind a ransom note labeled "_readme.txt". An example of the file renaming process is the transformation of "1.jpg" to "1.jpg.jazi", "2.png" to "2.png.jazi", etc.

It is essential to underscore the association of Jazi with the Djvu ransomware family. Notably, threat actors in the cyber realm have been observed deploying ransomware from this particular family concurrently with information stealers like Vidar and RedLine.