Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Revive?

Revive is the name of a banking Trojan targeting Android users (customers of a specific Spanish bank). It steals sensitive information. Cybercriminals use Revive to take ownership of online accounts using stolen login credentials. This malware abuses Accessibility Services to perform malicious activities.

What is HybridSpace?

While looking through new submissions to VirusTotal, our research team found the HybridSpace application. After inspecting this piece of software, we determined that it is adware belonging to the AdLoad malware family.

What kind of page is trusted-check[.]xyz?

Trusted-check[.]xyz is one of the many deceptive websites that display deceptive content to trick visitors into allowing them to display notifications. Moreover, this site can open various scams and other untrustworthy pages. We have discovered trusted-check[.]xyz while analyzing other pages that use rogue advertising networks.

What is BlueSky ransomware?

BlueSky is the name of a malicious program classified as ransomware. Malware of this type is designed to encrypt data and demand ransoms for the decryption.

When we executed a sample of BlueSky on our test machine, it encrypted files and appended their filenames with a ".bluesky" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.bluesky", "2.png" as "2.png.bluesky", and so on.

Afterward, two identical ransom notes - "# DECRYPT FILES BLUESKY #.html" and "# DECRYPT FILES BLUESKY #.txt" - were dropped onto the desktop.

What kind of software is TripleWhole?

Our malware researchers have discovered TripleWhole while examining deceptive pages claiming that it is required to update the Adobe Flash Player (with a fake installer). After downloading and installing TripleWhole, we found that it functions as adware. The purpose of this application is to display annoying advertisements.

What kind of email is "City National Bank"?

Our inspection of this "City National Bank" email revealed that it is malspam - malicious spam mail intended to infect recipients' systems with malware.

It must be emphasized that these spam letters are in no way associated with City National Bank or any other similarly named financial institution. These scam emails aim to infiltrate the Remcos RAT (Remote Access Tool/Trojan) into recipients' devices.

What kind of page is superiorprotectionpc[.]com?

Superiorprotectionpc[.]com is a rogue page that our research team discovered while inspecting untrustworthy sites. This webpage promotes scams, pushes browser notification spam, and redirects visitors to other (likely unreliable/malicious) websites.

Users typically enter pages like superiorprotectionpc[.]com through redirects caused by sites using rogue advertising networks.

What is ConsoleControl?

ConsoleControl is an application we found while inspecting new submissions to VirusTotal. Our analysis of this app revealed that it is adware belonging to the AdLoad malware family.

What is DENO ransomware?

Our researchers discovered the DENO ransomware while inspecting new submissions to VirusTotal. We determined that this malicious program is based on the CONTI ransomware.

After we executed a sample of DENO on our test system, it encrypted files and appended their filenames with a ".DENO" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.DENO", "2.png" as "2.png.DENO", etc. Once the encryption process was finished, a ransom note named "readme.txt" was created.

What is Warlocks ransomware?

While inspecting new submissions to VirusTotal, our research team found yet another ransomware-type program based on Chaos ransomware.

This malicious program is called Warlocks, and we released a sample of it on our test system. Afterward, this ransomware encrypted files and appended their filenames with a ".warlocks" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.warlocks", "2.png" as "2.png.warlocks", etc.

Once the encryption process was completed, a ransom-demanding message titled - "read_it.txt" - was dropped onto the desktop.