Virus and Spyware Removal Guides, uninstall instructions

What kind of page is picprosto[.]click?

We have discovered the picprosto[.]click website after receiving an email containing a link to it. After examining the page, we found that it displays a deceptive message to trick visitors into agreeing to receive notifications. It is worth mentioning that pages like picprosto[.]click usually are promoted via other pages that use rogue advertising networks.

What is the "BlockChain" scam?

While inspecting deceptive websites, our research team found the "BlockChain" scam. It operates as a phishing scam. This scheme attempts to obtain victims' BlockChain cryptocurrency wallet log-in credentials.

What kind of email is "336 Parts B.V."?

After analyzing the "336 Parts B.V." email, we determined that it is spam. This email concerns a fake invoice to view which - recipients are asked to log in again using their email account. However, the sign-in page is a phishing website designed to record the information provided to it.

Therefore, users can lose their email accounts and content associated with them by attempting to log in through the webpage promoted by "336 Parts B.V.".

What is the "DUY THANH EXPORT" email virus?

Our team has examined this email and discovered that the cybercriminals behind it aim to trick recipients into opening the attached file. They pretend to be a company called "DUY THANH EXPORT & IMPORT CO .LTD" and claim that the file attached to this email is a purchase order. That file is malicious and likely to be used to deliver NanoCore RAT.

What kind of malware is Spark?

Spark is the name of ransomware discovered by MalwareHunterTeam. It is a type of malware that encrypts files to make them inaccessible until victims decrypt them with a tool purchased from the attackers. Also, it appends the ".Spark" extension to filenames and displays a pop-up window containing a ransom note.

An example of how Spark modifies filenames: it renames "1.jpg" to "1.jpg.Spark", "2.png" to "2.png.Spark", and so forth.

What kind of page is scanoclean[.]com?

During a routine inspection of dubious webpages, our research team discovered the scanoclean[.]com site. It is designed to promote deceptive material, push browser notification spam, and redirect visitors to different (likely questionable/malicious) websites. Most users access such pages via redirects caused by sites using rogue advertising networks.

What is "SYSTEM NOTIFICATION" email scam?

"SYSTEM NOTIFICATION" is the name of an email spam campaign. We found two practically identical variants of these emails. Both operate as phishing scams; they attempt to trick recipients into disclosing their email account log-in credentials by claiming that several messages have not reached the inbox and will be deleted soon - unless action is taken.

What kind of page is devicespam-shield[.]com?

While inspecting deceptive websites, we discovered the devicespam-shield[.]com rogue page. It promotes scams, pushes spam browser notifications, and redirects visitors to other (likely untrustworthy/malicious) sites. Users typically enter such pages via others that use rogue advertising networks.

What is Clear Search?

Clear Search is a rogue browser extension. After analyzing this piece of software, we learned that it is a browser hijacker. Clear Search operates by modifying browser settings to cause redirects to the clear-search.com fake search engine.

What kind of application is SearcheeBoo!?

After downloading and installing the SearcheeBoo! application, we learned that it is designed to hijack web browsers. This application forces users to browse the web with a fake search engine (searcheeboo.com). It promotes searcheeboo.com by changing the settings of a web browser.