Virus and Spyware Removal Guides, uninstall instructions

What kind of application is one dark?

We have discovered the one dark application while inspecting browser notifications delivered by various questionable websites. Once we installed one dark, it hijacked a web browser by changing its settings. We have learned that one dark is a browser hijacker designed to promote yesjis.com - a fake search engine.

What is NetworkStructured?

Our researchers found NetworkStructured when looking through new submissions on VirusTotal. After analyzing this sample, we came to the conclusion that NetworkStructured is an adware belonging to the AdLoad malware family.

We have studied many adware-type applications from this malware group, and they often have browser hijacker features (though NetworkStructured did not exhibit such behavior at the time of research). And these apps tend to track data as well.

What is "Account version is outdated" email scam?

After receiving this email, our team has analyzed it and determined that this is a phishing email used to retrieve email account login credentials. Scammers behind it attempt to trick recipients into believing that their account is outdated and needs to be updated through the provided website link.

What kind of malware is Cip?

While analyzing the Cip ransomware sample, we found out that it belongs to the Dharma ransomware family. We also noticed that it encrypts files and appends the victim's ID, ciphercrypt@tuta.io] email address and the ".cip" extension to filenames. For example, it renames "1.jpg" to "1.jpg.cip", "document.txt" to "document.txt.cip".

Like most ransomware variants, Cip ransomware provides contact information (and other details regarding data recovery). It displays a pop-up window and creates the "info.txt" file containing ransom notes.

What is Clipboard Sync Beta?

We detected Clipboard Sync Beta when researching scam websites. This adware-type browser extension was promoted by the "Install the extension for Chrome to protect your privacy" scam.

This piece of software promises to sync clipboard data between two desktop devices; instead, it runs intrusive advert campaigns (displays ads).

What kind of page is important-incoming-news[.]com?

Important-incoming-news[.]com was detected by our research team during a routine inspection of suspicious webpages. This site is designed to push its browser notifications, and it can cause redirects to other untrustworthy/malicious pages. Websites akin to important-incoming-news[.]com are primarily accessed via ones using rogue advertising networks.

What is the "Install the extension for Chrome to protect your privacy" scam?

Our researchers encountered the "Install the extension for Chrome to protect your privacy" scam while inspecting browser notifications delivered by various questionable sites. Specifically, an ad delivered by important-incoming-news[.]com that promoted a website running the scam in question.

Typically, schemes of this kind are used to promote a wide variety of untrustworthy software like fake anti-viruses, adware, browser hijackers, and PUAs (Potentially Unwanted Applications). This scam endorsed the Clipboard Sync Beta adware at the time of research.

What is MTX ransomware?

When searching VirusTotal for new malware submissions, our researchers found yet another malicious program belonging to the Dharma ransomware family. This ransomware-type program is called MTX.

On our test system, this malware encrypted files and appended their titles a unique ID, the cyber criminals' email address, and a ".MTX" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id-9ECFA84E.[mtx88@onionmail.org].MTX".

Once the encryption was completed, MTX displayed a pop-up window and created a text file "info.txt" on the desktop - both contained ransom notes.

What is the McAfee: SECURITY ALERT pop-up scam?

We have encountered the "McAfee: SECURITY ALERT" fake virus notification displayed by a deceptive website while visiting other pages that use rogue advertising networks. This scam is similar to many other scams that our team has discovered before. Websites of this type (fake notifications displayed by them) must be ignored.

What kind of page is bestfaustcaptcha[.]top?

Our researchers found bestfaustcaptcha[.]top when analyzing shady websites. This page is a typical example of browser notification spam promotion. In addition to pushing its notifications, bestfaustcaptcha[.]top can redirect visitors to other questionable/malicious sites.

We accessed this webpage through another that uses rogue advertising networks; it is the most likely entry point to sites like bestfaustcaptcha[.]top. Other ways to enter them include mistyped URLs, redirects caused by browser notifications/ intrusive ads or by installed harmful software.