Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Hajd?

Hajd is the name of ransomware belonging to the Djvu ransomware family. Our team has discovered this variant on VirusTotal. Hajd encrypts files and appends the ".hajd" extension to their filenames. Also, it creates a text file named "_readme.txt". This file contains a ransom note.

An example of how Hajd renames files: it changes "1.jpg" to "1.jpg.hajd", "2.png" to "2.png.hajd", "3.exe" to "3.exe.hajd", and so on.

What kind of malware is Qpss?

Our team has discovered a new ransomware variant belonging to the Djvu family called Qpss. The purpose of Qpss is to encrypt files. Additionally, it appends the ".qpss" extension to filenames and creates the "_readme.txt" file (a ransom note). We have found this ransomware while examining malware samples submitted to VirusTotal.

An example of how Qpss renames files: it changes "1.jpg" file to "1.jpg.qpss", "2.png" to "2.png.qpss", "3.exe" to "3.exe.qpss", and so forth.

What kind of page is systemsecuritys[.]com?

Systemsecuritys[.]com is a rogue webpage that our researchers found while inspecting dubious websites. This page is designed to load deceptive material, push browser notification spam, and redirect visitors to other (likely unreliable/malicious) sites.

Most users enter systemsecuritys[.]com and similar pages via redirects caused by websites using rogue advertising networks.

What is "PancakeSwap" email scam?

After inspecting this "PancakeSwap" email, our researchers determined that it is spam that operates as a phishing scam. The letter claims that the recipient's cryptocurrency wallet will be suspended if it is not validated. This spam mail promotes a phishing page, which closely mimics the genuine PancakeSwap website.

What is FFDroider?

FFDroider is a malicious program classified as a stealer. It is designed to extract and exfiltrate sensitive data from infected devices. FFDroider targets popular social media and e-commerce platforms in particular.

What kind of website is datasecuritycentr[.]com?

Datasecuritycentr[.]com is a deceptive website running the "McAfee - Your PC is infected with 5 viruses!" scam. It also asks for permission to show untrustworthy notifications. Our team has discovered datasecuritycentr[.]com while inspecting illegal movie streaming, torrent, and similar sites.

What kind of malware is Octo?

Octo is the name of the Android malware, a banking Trojan targeting Android users. Octo is pretty similar to another banking Trojan called ExobotCompact that was active until 2018 and targeted financial institutions.

What is "Norton Security Update Is Available Now"?

During a routine inspection of untrustworthy websites, our researchers found the "Norton Security Update Is Available Now" scam. It falsely implies that the visitor's Norton anti-virus is outdated and urges them to renew their subscription.

What kind of scam is "We are closing all mailbox users"?

We inspected this email and concluded that it is a phishing email used to steal email account login credentials. It is disguised as a letter from an email service provider. It contains a website link designed to open a phishing page asking to provide a password.

What is "McAfee Total Protection has expired"?

While inspecting sites that use rogue advertising networks, our research team encountered a webpage promoting the "McAfee Total Protection has expired" scam. We have found two variants of this scheme, which claim that the visitor's McAfee anti-virus subscription has expired and urge them to renew it.