Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "McAfee Total Protection - Your PC might be infected with viruses!"?

Our team has discovered this scam while visiting pages that use shady advertising networks. After examining the page, we learned that it is a pop-up scam that uses a scare tactic to promote antivirus software (to trick users into purchasing its subscription). It claims that a computer is infected with viruses.

What is ShareAdvantage?

ShareAdvantage is a rogue app that our researchers found when a user reported it on a support forum. After analyzing this application, we determined that it operates as advertising-supported software (adware). Furthermore, ShareAdvantage is part of the AdLoad malware family.

What is RURansom ransomware?

RURansom is a piece of malicious software classified as ransomware. Typically, malware within this classification operates by encrypting files (rendering them inaccessible) to make ransom demands for the decryption (access recovery). However, we learned from the message created by RURansom that this program's goal is to irreversibly encrypt the data of Russian users - as a response to the war in Ukraine.

When we launched a sample on our test system, it encrypted files - but unlike most ransomware-type programs - it did not alter their filenames. Once the encryption process was completed, RURansom dropped a text file titled "Полномасштабное_кибервторжение.txt" onto the desktop and into various folders.

What is Pripyat miner?

Pripyat is a cryptocurrency miner our researchers found while inspecting malware-selling hotspots on the Web. We learned that this piece of malicious software is based on the XMRIG cryptominer. Pripyat malware is designed to abuse the resources of victims' machines to generate Monero (XMR) cryptocurrency.

What kind of scam is "Kaspersky - Your PC is infected with 5 viruses!"?

We have encountered this pop-up scam while examining other pages that use rogue advertising networks (sites that display shady ads and open untrustworthy pages). The purpose of this scam is to trick visitors into believing that their computer is infected with viruses and purchasing an antivirus subscription.

What is History-Cleaner?

Our research team discovered the History-Cleaner browser extension during a routine inspection of questionable download webpages.

Following analysis, we determined that this piece of software operates as a browser hijacker. History-Cleaner modifies browser settings to promote the history-cleaner.xyz fake search engine. Additionally, this extension monitors users' browsing activity.

What kind of program is Best Cleaner?

We have discovered the Best Cleaner (or BCleaner) while examining cracked software download sites. One of those pages was a fake download page for a pirated version of the Microsoft Office suite. Since Best Cleaner is distributed via untrustworthy sites, it is likely bundled with other unwanted apps. Best Cleaner itself is promoted as a PC cleaner.

What kind of malware is A1tft?

Our malware researchers have discovered the A1tft ransomware while examining the samples submitted to the VirusTotal page. They found that A1tft is part of the Hive ransomware family. Cybercriminals use it to encrypt files on infected devices. Additionally, A1tft renames files and creates a ransom note (the "ihr6_HOW_TO_DECRYPT.txt" file).

A1tft appends a string of random characters and the ".a1tft" extension to filenames. For example, it renames "1.jpg" to "1.jpg.aTcpTVSf4Ua8Lr_fs49i72YCINYDrOT68VAS-w_P4VX_IgAAACIAAAA0.a1tft", "2.png" to "2.png.aTcpTVSf4Ua8Lr_fs49i72YCINYDrOT68VAS-w_P4VX_IgAAACIAAAA0.a1tft", and so forth.

What is "1INCH Giveaway"?

"1INCH Giveaway" is a scam that our research team discovered while inspecting sites using rogue advertising networks. This fake giveaway promises that by transferring at least 10,000 1INCH to the listed digital wallet - users will receive triple the amount.

It must be emphasized that the "1INCH Giveaway" is a scam, and all the funds transferred to it - will be irrevocably lost.

What is "Ledger Live Update" scam?

We have analyzed this website and concluded that it is a scam website used to distribute malicious software. This site is likely promoted through compromised (hacked) websites. It is disguised as a download page for the Ledger Live application mandatory update.