Step-by-Step Malware Removal Instructions

TerraStealerV2 Malware
Trojan

TerraStealerV2 Malware

TerraStealerV2 is a malware designed to steal vulnerable data from infected devices. This stealer was developed by a threat actor dubbed "Golden Chickens" (also known as Venom Spider). As of the time of writing, it is likely that TerraStealerV2 is still under development since its stealth capabili

TerraLogger Malware
Trojan

TerraLogger Malware

TerraLogger is a keylogger. Five versions of this malicious program were developed between January and April of 2025; the frequency and the developers' modus operandi suggest that TerraLogger is still in active development. As the classification implies, this malware is designed to record keystrok

PDFast Unwanted Application
Potentially unwanted application

PDFast Unwanted Application

PDFast is an app promoted as a tool capable of converting file formats, such as turning Microsoft Office files into PDF documents. This piece of software is classed as a PUA (Potentially Unwanted Application). PDFast has been observed being used to distribute malware. PDFast is a Potential

LockZ Ransomware
Ransomware

LockZ Ransomware

LockZ is ransomware that encrypts files and appends its extension (".lockz") to files. After encryption, files look like this: "1.jpg" is changed to "1.jpg.lockz", "2.png" to "2.png.lockz", and so forth. Also, LockZ changes the desktop wallpaper and drops a ransom note ("@HELP_HERE_TO_RESCUE_YOUR_

Werterware.com Ads
Notification Spam

Werterware.com Ads

In our analysis of werterware[.]com, we found it to be a fraudulent web page that uses deception to trick visitors into agreeing to receive its notifications. If permission to send notifications to werterware[.]com is granted, the site bombards users with fake warnings/alerts and similar content.

Chailink Treasury Reward Scam
Phishing/Scam

Chailink Treasury Reward Scam

We have inspected the site (rewarding-chainlink[.]com) and found that it is a fake website mimicking the official Chainlink (chain.link) page. Scammers use this fraudulent page to lure visitors into taking steps that can lead to significant financial losses. It is important to be careful when inte

Lyrix Ransomware
Ransomware

Lyrix Ransomware

Our researchers discovered Lyrix ransomware while reviewing new submissions to the VirusTotal website. Malware within this classification is designed to encrypt data and demand payment for its decryption. On our test machine, Lyrix encrypted files and added an extension comprising ten random char

SumUp - Update Your Profile Email Scam
Phishing/Scam

SumUp - Update Your Profile Email Scam

Our team has examined the email and concluded that it is a scam (a phishing attempt). The email is disguised as a notification regarding the SumUp account suspension. SumUp is a legitimate financial technology company that has nothing to do with this fraudulent email. Recipients should ignore this

MT103 Payment Advice Email Scam
Phishing/Scam

MT103 Payment Advice Email Scam

We have inspected the email and found that it is a scam email. It masquerades as a credit notice to trick recipients into opening a fake web page and disclosing personal information. These types of scams are known as phishing attempts. Recipients should ignore such emails to avoid potential issues

Pres Ransomware
Ransomware

Pres Ransomware

During our inspection of malware samples uploaded to VirusTotal, we encountered Pres, a new ransomware from the Dharma family. This ransomware encrypts files and appends the victim's ID, contact email address, and ".pres" extension to filenames. Pres also displays a ransom note in a pop-up window