Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Borat?

Borat is the name of a remote access Trojan (RAT). Cybercriminals use RATs to obtain access and remote control on the infected computers. The Borat RAT can be used to deliver ransomware, log keystrokes, perform DDoS attacks, steal login credentials from browsers, and more.

What kind of malware is RED TEAM?

RED TEAM is ransomware that we have discovered while examining the malware samples submitted to VirusTotal. It was found that this ransomware belongs to the Babuk family. It encrypts files, appends the ".REDTM" extension to filenames, and creates the "HowToDecryptYourFiles.txt" file (a ransom note).

An example of how the RED TEAM ransomware modifies filenames: it changes "1.jpg" to "1.jpg.REDTM", "2.png" to "2.jpg.REDTM", "3.exe" to "3.exe.REDTM", and so forth.

What kind of malware is Bec?

Bec is the name of a new Sojusz ransomware variant. After examining this variant, we found that it encrypts files, appends a string of random characters, the beacon@jitjat.org email address, and ".bec" extension to filenames. It also creates the "!!!HOW_TO_DECRYPT!!!.txt" file that contains a ransom note.

An example of how Bec ransomware renames files: it renames "1.jpg" to "1.jpg.[fd4702551a].[beacon@jitjat.org].bec", "2.png" to "2.png.[fd4702551a].[beacon@jitjat.org].bec", and so forth.

What kind of website is flskon[.]click?

Flskon[.]click is an untrustworthy website that runs a scam similar to "Dear [ISP name] user, Congratulations!" and asks for permission to show notifications. We discovered this site while examining various illegal movie streaming pages and torrent sites (and other pages that use rogue advertising networks).

What kind of application is Dark-View?

Our team has discovered the Dark-View browser extension on a deceptive website claiming that it might be required to install this app (for an unspecified reason). We have examined Dark-View and found that it is an advertising-supported application - it generates unwanted advertisements.

What kind of malware is F5Z8A?

F5Z8A is the name of a ransomware variant that we have discovered while analyzing malware samples submitted to the VirusTotal page. It was found that F5Z8A encrypts files and appends the ".F5Z8A" extension to filenames. It also generates a ransom note (the "@@@ To Restore Your Files.txt" file) containing contact information.

An example of how files encrypted by F5Z8A are renamed: "1.jpg" is renamed to "1.jpg.F5Z8A", "2.png" to "2.png.F5Z8A", and so on.

What kind of page is gooddaywith-captcha[.]top?

Gooddaywith-captcha[.]top is a deceptive website that shows a fake CAPTCHA to trick visitors into allowing it to show notifications. Also, this page redirects to other untrustworthy websites. Our team has discovered gooddaywith-captcha[.]top while inspecting sites that use rogue advertising networks.

What is "New Policy Notice" email scam?

After examining this email, we concluded that it is a phishing email used to trick recipients into providing their email account login credentials. It is disguised as a letter from an email service provider regarding some new policy. It contains a website link designed to open a deceptive page.

What kind of page is desktopnotificationshub[.]com?

We have discovered the desktopnotificationshub[.]com page while examining other sites (illegal movie streaming, torrent, and similar pages) that use shady advertising networks. We found that desktopnotificationshub[.]com uses a clickbait technique to get permission to show notifications. It also redirects visitors to other pages of this type.

What kind of malware is Lightning Stealer?

Lightning Stealer is a piece of malware discovered by 3xp0rt. This stealer targets Steam, Telegram, Discord, and cryptocurrency wallet data, passwords, and cookies. It has its administration panel created to manage data logs. Lightning Stealer is sold for 300 rubles for a week, 500 rubles for a month, or 3000 rubles for six months.