Virus and Spyware Removal Guides, uninstall instructions

What is Correos email scam?

After examining this email, we found that the scammers behind it pretend to be a state-owned company that provides postal service in Spain. The email is written in Spanish. Scammers use it to trick recipients into opening a fake Correos website and providing sensitive information. The email is written in Spanish.

What is DockMode?

DockMode is an adware-type application that our researchers discovered during a routine inspection of new submissions to VirusTotal. We learned that this app belongs to the AdLoad malware family.

Our analysis revealed that this piece of software runs intrusive advertisement campaigns and may have browser-hijacking and data-tracking abilities.

What kind of application is EditWave?

While examining deceptive websites (fake installers downloaded from them) we found an application called EditWave. It is unlikely that user would install this software on purpose. We found that EditWave an advertising-supported application - it bombards users with intrusive advertisements.

What kind of malware is Po?

Po is ransomware belonging to the Dharma family. We discovered this ransomware while analyzing malware samples submitted to the VirusTotal website. Po encrypts files, appends the victim's ID, recovery2022@tutanota.com email address, and ".Po" extension to filenames. Also, it provides two ransom notes: it displays a pop-up window and creates the "info.txt" file.

An example of how Po ransomware modifies filenames: it renames "1.jpg" to "1.jpg.id-9ECFA84E.[recovery2022@tutanota.com].Po", "2.png" to "2.png.id-9ECFA84E.[recovery2022@tutanota.com].Po", "3.exe" to "3.exe.id-9ECFA84E.[recovery2022@tutanota.com].Po", and so forth.

What kind of page is ads4pc[.]com?

During a routine inspection of untrustworthy sites, our researchers found the ads4pc[.]com rogue webpage. It operates by pushing browser notification spam and redirecting visitors to other (likely unreliable/harmful) websites. Most users enter these pages through redirects caused by sites using rogue advertising networks.

What is "style flex"?

Our researchers discovered a rogue browser extension named style flex while inspecting dubious download webpages. This piece of software promises to allow users to modify website content alignment (i.e., left, right, center, etc.). However, our analysis revealed that it operates as advertising-supported software (adware).

What is Root (Chaos) ransomware?

While inspecting new submissions to VirusTotal, our research team discovered yet another ransomware - called Root - based on Chaos.

We executed a sample of Root (Chaos) ransomware on our test machine, and it began encrypting files. The filenames of the affected files were appended with the ".Root" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.Root", "2.png" as "2.png.Root", etc.

Afterwards, a ransom note - "read_it.txt" - was created and the desktop wallpaper was changed.

What is "M&T Bank" email scam?

Our inspection of the "M&T Bank" email revealed that it is spam that operates as a phishing scam. This fake letter is presented as a payment notification from the M&T Bank - a legitimate bank holding company.

However, users are redirected to a fraudulent banking website when they attempt to use the link within the email to cancel the charge. These sites are classified as phishing scams, and they target a wide variety of vulnerable data (e.g., banking account log-in credentials, etc.).

What kind of page is personal-scan[.]com?

Personal-scan[.]com is one of the deceptive websites operated by affiliates who aim to collect illegitimate commissions. After examining this site, we found that it displays deceptive content (a scam similar to "McAfee - Your PC is infected with 5 viruses!") to promote legitimate software.

Also, personal-scan[.]com asks for permission to show notifications. We discovered it while inspecting other shady websites.

What kind of application is Top Files Downloader?

We discovered a browser extension called Top Files Downloader on a shady website claiming that it might be required to add this app to a browser. After adding and testing the app, we learned that it displayed unwanted/annoying advertisements. Thus, we classified Top Files Downloader as adware.