Virus and Spyware Removal Guides, uninstall instructions

What kind of page is news-waxawo[.]com?

While inspecting shady websites, our research team discovered news-waxawo[.]com. This rogue page is designed to push browser notification spam and redirect visitors to different (likely unreliable/malicious) sites. Most visitors to webpages like news-waxawo[.]com access them through redirects caused by websites using rogue advertising networks.

What kind of page is defenceprogramm[.]com?

Defenceprogramm[.]com is a rogue site that our research team found while inspecting deceptive webpages. This page operates by promoting scams, pushing browser notification spam, and redirecting visitors to other (likely untrustworthy/malicious) websites.

Users typically enter webpages like defenceprogramm[.]com via redirects caused by sites using rogue advertising networks.

What is Sijr ransomware?

Discovered by Petrovic, Sijr is a piece of malicious software belonging to the Djvu ransomware family. We obtained a sample of this ransomware from VirusTotal and executed it on our test machine.

Sijr encrypted the files on our test system and appended their filenames with a ".sijr" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.sijr", "2.png" as "2.png.sijr", etc. Afterwards, Sijr created a ransom note named "_readme.txt".

What is Bbnm ransomware?

Bbnm is the name of a malicious program categorized as ransomware. We determined that this program belongs to the Djvu ransomware family.

After being launched onto our test machine, Bbnm encrypted files and appended their filenames with a ".bbnm" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.bbnm", "2.jpg" as "2.jpg.bbnm", and so on for all of the affected files.

Once the encryption process was completed, a ransom-demanding message "_readme.txt" - was dropped onto the desktop.

What kind of malware is 3Ex2BJT2aiqDJKPAFeuWMbB4T6MhML384p clipper?

Our team has discovered a clipper malware called 3Ex2BJT2aiqDJKPAFeuWMbB4T6MhML384p while inspecting cracked software download websites. Cybercriminals use this malware to steal Bitcoin cryptocurrency. We also found that the installer containing 3Ex2BJT2aiqDJKPAFeuWMbB4T6MhML384p malware injects additional unwanted software.

What is "Please find attached receipt" email scam?

After analyzing the "Please find attached receipt" email, we determined that it operates as a phishing scam. This letter promotes a website disguised as an email sign-in webpage that targets account log-in credentials (i.e., passwords).

What kind of page is betaengine[.]org?

Betaengine[.]org is one of the many deceptive pages designed to trick visitors into agreeing to receive their notifications. Most of these pages are promoted via other pages that use rogue advertising networks (e.g., illegal movie streaming pages, torrent sites). We have discovered betaengine[.]org while examining one of those sites.

What kind of page is news-zafewi[.]cc?

While looking through untrustworthy websites, our research team discovered the news-zafewi[.]cc rogue page. It pushes browser notification spam and redirects visitors to different (likely unreliable/malicious) sites. Most visitors to webpages like news-zafewi[.]cc enter them through redirects caused by websites that use rogue advertising networks.

What kind of website is shwfpd[.]com?

The purpose of shwfpd[.]com is to promote untrustworthy websites. It redirects visitors to those pages and promotes them via its notifications. Shwfpd[.]com displays deceptive content to trick visitors into agreeing to receive notifications). We have discovered shwfpd[.]com while visiting other shady websites that use rogue advertising networks.

What is Selena ransomware?

During a routine inspection of new malware submissions to VirusTotal, our research team discovered the Selena ransomware-type program. We obtained a sample for testing from VirusTotal.

On our test machine, this malicious program encrypted files and altered their filenames. The names of affected files were changed according to this pattern - a unique ID assigned to the victim, the cyber criminals' email address, the original filename, and a ".selena" extension. For example, a file initially titled "1.jpg" appeared as "id[q2TQAj3U].[Selena@onionmail.org].1.jpg.selena".

Once the encryption process was completed, this ransomware created a text file named "selena.txt" on the desktop. This file contained a ransom note, based on which we could conclude that Selena targets companies rather than home users.