Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is NBR?

NBR is ransomware belonging to the Dharma family. The purpose of NBR is to encrypt data. Additionally, this ransomware appends the victim's ID, harry023m@aol.com email address, and the ".NBR" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.id-1E857D00.[Harry023m@aol.com].NBR", "2.png" to "2.png.id-1E857D00.[Harry023m@aol.com].NBR", etc.

Also, NBR ransomware displays a pop-up window and creates a file named "README!!!.txt" containing a ransom note.

What kind of page is eukeuktyouex[.]xyz?

Eukeuktyouex[.]xyz is a rogue page that we discovered while inspecting suspect websites. This webpage promotes browser notification spam and redirects users to different (likely unreliable/dangerous) sites.

Visitors to eukeuktyouex[.]xyz and similar pages access them primarily through redirects generated by websites that employ rogue advertising networks.

What kind of page is fumuluckt[.]com?

While inspecting suspect sites, our researchers discovered the fumuluckt[.]com rogue webpage. It is designed to push spam browser notifications and redirect visitors to other (likely unreliable/malicious) websites. Most users access pages like fumuluckt[.]com via redirects generated by sites that use rogue advertising networks.

What kind of page is besteasyclick[.]com?

Our researchers found the besteasyclick[.]com rogue page while checking out untrustworthy websites. This webpage operates by promoting browser notification spam and redirecting visitors to different (likely unreliable/hazardous) websites.

Users primarily access pages like besteasyclick[.]com through redirects caused by sites employing rogue advertising networks.

What kind of malware is Horabot?

Horabot is part of the campaign where threat actors infect machines with a banking Trojan and spam tool. This campaign primarily focuses on Spanish-speaking users in the Americas. Horabot enables attackers to manipulate Outlook mailboxes, extract email addresses, distribute phishing emails with harmful attachments, and acquire login credentials and security codes.

What kind of page is declinerybelfa[.]buzz?

Declinerybelfa[.]buzz is a rogue page that aims to deceive visitors into enabling its browser notification delivery. Additionally, this webpage can generate redirects to other (likely untrustworthy/hazardous) sites.

Most visitors to declinerybelfa[.]buzz and pages akin to it – access them via redirects caused by websites using rogue advertising networks. Our research team discovered declinerybelfa[.]buzz during a routine investigation of sites using said networks.

What kind of application is Download Assist?

Based on our evaluation, it has been determined that the Download Assist application functions as an ad-supported browser extension. This conclusion was reached after observing the display of advertisements by Download Assist. Furthermore, our investigation revealed that Download Assist possesses the ability to access and read various data.

What kind of page is continue-to-read[.]com?

While inspecting dubious websites, our researchers discovered the continue-to-read[.]com rogue page. It promotes questionable content and spam browser notifications. Additionally, this page can redirect visitors to other (likely untrustworthy/harmful) sites.

Users typically access websites like continue-to-read[.]com through redirects generated by pages employing rogue advertising networks.

What kind of application is Browse Boost?

After evaluating the Browse Boost application, our team concluded that it operates as an ad-supported application. This determination was based on the observation of advertisements being displayed by Browse Boost. Additionally, we discovered that Browse Boost has the capability to access and read various data.

What kind of email is "Office Printer"?

After evaluating this email, our team has concluded that it is a fraudulent email sent by scammers with the intention of deceiving recipients and obtaining their personal information. The email is designed to appear as if it pertains to a new scanned document and includes links to a phishing website. Recipients should disregard this email.