Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "Chc Energy"?

After inspecting this "Chc Energy" email, we determined that it is spam designed to proliferate malware (malspam). This letter is presented as a notification regarding a blocked registration with CHC ENERGY.

It must be emphasized that these fake emails are in no way associated with this or any other legitimate company. The goal of this spam mail is to infect recipients' devices with the Grandoreiro banking trojan.

What is Skip Over Ads?

Skip Over Ads is the name of a rogue browser extension that our researchers discovered while inspecting dubious download sites. This piece of software promises to block and/or auto-skip advertisements on YouTube. Instead, as our analysis revealed, Skip Over Ads operates like adware - software that displays ads.

What kind of malware is Bahamut?

Bahamut is the name of Android malware with spyware functionality. Threat actors use Bahamut to steal sensitive information. The newest malware version targets various messaging apps and personally identifiable information.

What is Killer ransomware?

Killer is the name of a ransomware-type program that our researchers discovered while inspecting new malware submissions to VirusTotal. On our test machine, this program encrypted files and modified their titles.

The filenames were prepended with the cyber criminals' email address and a unique ID assigned to the victim, and they were also appended with the ".kill" extension. For example, a file named "1.jpg" appeared as "[crypter@firemail.de][9ECFA84E]1.jpg.kill".

Once the encryption was completed, Killer ransomware created a ransom note titled "#FILES-ENCRYPTED.txt". Additionally, this ransomware displayed a message before the log-in screen, informing victims of the attack and instructing them to read the ransom note.

What kind of malware is Ransom Cartel?

Ransom Cartel is ransomware that blocks access to files by encrypting them and appends five random characters to filenames. It also creates a text file (named "[extension]-readme.txt") containing a ransom note. Ransom Cartel is similar to another ransomware called Sodinokibi.

An example of how Ransom Cartel renames files: it changes "1.jpg" to "1.jpg.nzvmn", "2.png" to "2.png.nzvmn", "3.exe" to "3.exe.nzvmn", and so forth.

What kind of page is systemopc[.]xyz?

Systemopc[.]xyz is an untrustworthy page running the "McAfee - Your PC is infected with 5 viruses!" scam. Our team has discovered this site while inspecting other websites that use rogue advertising networks. The purpose of systemopc[.]xyz is to fraudulently promote legitimate software and receive permission to show notifications.

What is EmpireFocus?

EmpireFocus is a piece of rogue software that our research team found while inspecting new submissions to VirusTotal. After analyzing this app, we determined that it operates as adware and belongs to the AdLoad malware family.

What kind of scam is "Your Group Sent You A Message"?

After examining the email, our team has concluded that it is a phishing email containing a link that opens a deceptive page. The purpose of this email is to trick recipients into providing sensitive information. It is disguised as a letter regarding some final report.

What is Baal ransomware?

Our researchers discovered the Baal ransomware while inspecting new submissions to VirusTotal. This malicious program is part of the Makop ransomware family. Once a sample of Baal was launched on our test system, this ransomware encrypted files and altered their filenames.

The titles of affected files were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".baal" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.[2AF20FA3].[baal0625@goat.si].baal". Afterward, Baal dropped a ransom note - "readme-warning.txt" - onto the desktop.

What kind of page is computeradsnetwork[.]com?

Computeradsnetwork[.]com is a rogue webpage that our researchers found while checking out untrustworthy sites. It operates by promoting spam browser notifications and redirecting visitors to different (likely unreliable/malicious) websites.

Users typically enter pages like computeradsnetwork[.]com through redirects caused by sites using rogue advertising networks.