Step-by-Step Malware Removal Instructions

2QZ3 Ransomware
Ransomware

2QZ3 Ransomware

Our research team found the 2QZ3 ransomware while investigating new submissions to the VirusTotal website. This malicious program is part of the Phobos ransomware family. 2QZ3 is designed to encrypt data and demand payment for its decryption. On our test machine, the encrypted files were renamed

Khronos Ransomware
Ransomware

Khronos Ransomware

While checking the VirusTotal page for recently submitted samples, our team discovered Khronos - ransomware that encrypts files. Also, Khronos renames files by appending the ".khronos" extension. For instance, it renames "1.jpg" to "1.jpg.khronos", "2.png" to "2.png.khronos", and so forth. After t

Blockchain.com - Your Account Is Locked Email Scam
Phishing/Scam

Blockchain.com - Your Account Is Locked Email Scam

After analyzing this email, our team identified it as a crypto-related phishing attempt. The scammers masquerade as the blockchain[.]com team and aim to deceive recipients into divulging sensitive information on a phishing website. Recipients should remain cautious and avoid falling victim to such

KiRa (GreatKiRa) Ransomware
Ransomware

KiRa (GreatKiRa) Ransomware

KiRa is ransomware that our team discovered while analyzing malware samples submitted to the VirusTotal page. KiRa encrypts data, appends a random extension consisting of four characters to filenames, changes the desktop wallpaper, and drops a text file containing a ransom note ("read it!!.txt").

Soccer Skills Browser Hijacker
Browser Hijacker

Soccer Skills Browser Hijacker

Based on our examination, we have determined that the Soccer Skills browser extension operates as a browser hijacker. Our findings indicate that Soccer Skills alters certain browser settings to promote hsrc-withus.com. Our analysis has uncovered that hsrc-withus.com is a fake search engine designe

Harmonypix.com Ads
Notification Spam

Harmonypix.com Ads

Harmonypix[.]com is a rogue page that our research team discovered during a routine inspection of suspicious websites. Its purpose is to trick visitors into receiving spam browser notifications. Additionally, this webpage can redirect users to other (likely unreliable/hazardous) sites. Most visit

Browser-shielding.com Ads
Notification Spam

Browser-shielding.com Ads

Our researchers discovered the browser-shielding[.]com rogue webpage during a routine investigation of questionable sites. This page is designed to promote scams and browser notification spam. It can also redirect users to different (likely untrustworthy/dangerous) websites. Visitors to browser-s

SSEAR Ransomware
Ransomware

SSEAR Ransomware

SSEAR is malware that operates as ransomware. Its purpose is to prevent victims from accessing their files by encrypting them. Also, SSEAR appends "_SSEAR" to filenames (e.g., it renames "1.jpg" to "1.jpg_SSEAR", "2.png" to "2.png_SSEAR", etc.), and displays a ransom note in a pop-up window. S

CurrencyTab Browser Hijacker
Browser Hijacker

CurrencyTab Browser Hijacker

CurrencyTab is a rogue piece of software that our researchers discovered while investigating suspicious sites. This browser extension provides easy access to currency conversion rates, and it includes a currency conversion calculator widget. After investigating CurrencyTab, we determined that it

Galaxy Creatures Browser Hijacker
Browser Hijacker

Galaxy Creatures Browser Hijacker

Our investigation of the Galaxy Creatures browser extension revealed that this application functions as a browser hijacker. Our team observed that Galaxy Creatures modifies specific browser settings to promote search.galaxycreature.net. Further analysis revealed that search.galaxycreature.net is a