Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Wanqu?

Wanqu is the name of ransomware that encrypts and renames files (by appending the ".Wanqu" extension) and drops "RESTORE_FILES_INFO.txt" and "RESTORE_FILES_INFO.hta" files (ransom notes) on the desktop. Our team discovered Wanqu while inspecting malware samples submitted to the VirusTotal website.

An example of how Wanqu modifies filenames: it renames "1.jpg" to "1.jpg.Wanqu", "2.png" to "2.png.Wanqu", and so forth.

What is AuroraShack?

While investigating new submissions to VirusTotal, our researchers found the AuroraShack application. After analyzing it, we determined that this app operates as adware (i.e., runs intrusive ad campaigns) and belongs to the AdLoad malware family.

What is fake mobile banking rewards malware?

A new version of Android malware has emerged recently, targeting customers of Indian banks. Cybercriminals behind this campaign are using fake banking rewards applications to trick users into installing information-stealing malware with remote access trojan (RAT) capabilities. Their goal is to steal sensitive information.

What kind of page is mscmart[.]com?

While investigating untrustworthy sites, our researchers found the mscmart[.]com rogue page. It pushes spam browser notifications and redirects visitors to other (likely questionable/malicious) websites. Users typically enter mscmart[.]com and similar pages through redirects caused by websites using rogue advertising networks.

What kind of page is pushyoumail[.]com?

Pushyoumail[.]com is a rogue website that promotes browser notification spam and causes redirects to different (likely untrustworthy/malicious) sites. Our research team discovered this page during a routine investigation of suspicious websites. Users typically enter webpages of this kind via redirects caused by sites using rogue advertising networks.

What kind of page is service-2022[.]site?

While inspecting dubious webpages, our researchers discovered the service-2022[.]site rogue site. It operates by promoting scams, pushing browser notification spam, and redirecting visitors to other (likely untrustworthy/malicious) websites.

Most users access pages like service-2022[.]site via redirects caused by sites using rogue advertising networks, mistyped URLs, spam notifications, intrusive ads, or installed adware.

What kind of page is fonto[.]club?

Fonto[.]club is a rogue page that our researchers discovered while inspecting suspicious websites. It is designed to promote deceptive material, push browser notification spam, and redirect visitors to other (likely untrustworthy/harmful) webpages.

Most users enter fonto[.]club and similar websites through redirects caused by pages that use rogue advertising networks.

What kind of page is basis-antivirus[.]com?

After examining basis-antivirus[.]com, we found that this page is designed to trick visitors into paying for legitimate software by displaying deceptive content. Also, it asks visitors for permission to show notifications. Our team discovered basis-antivirus[.]com while inspecting websites that use rogue advertising networks.

What is exploretoday.co?

Exploretoday.co is the URL of a fake search engine. These websites are typically promoted by browser-hijacking software, which modifies browser settings in order to cause redirects to illegitimate search engines. Furthermore, both the promoted sites and browser hijackers usually collect private data.

What kind of page is wukbgater[.]buzz?

While examining wukbgater[.]buzz, we found that this page uses a clickbait technique to trick visitors into agreeing to receive notifications. Also, it redirects to other shady websites. Thus, wukbgater[.]buzz cannot be trusted/should not be visited. Our team discovered wukbgater[.]buzz while inspecting pages that use rogue advertising networks.