Virus and Spyware Removal Guides, uninstall instructions

What is "CLAIM FREE $TOSHI"?

In our examination of the site, we discovered that it promotes the opportunity for individuals to obtain free cryptocurrency ($TOSHI). However, this scheme is among many designed to steal cryptocurrency from victims. Users are strongly recommended to disregard such pages to prevent financial loss and other possible complications.

What kind is the fake "Save to Google Drive" browser extension?

Our research team discovered a fake Google extension – "Save to Google Drive" – while investigating a Torrenting site that uses rogue advertising networks. This extension has data-tracking abilities and can make various modifications to browser settings.

It must be emphasized that this "Save to Google Drive" software is not associated with the Google Drive file storage/synchronization service or its developer – Google.

What is the fake "Telegram Giveaway TON" page?

Upon investigating the site, we found it to be a fraudulent website posing as the official ton[.]org page. Scammers have crafted this deceptive webpage with the intention of swindling cryptocurrency from unsuspecting users. Their goal is to deceive users into taking actions that lead to the theft of their digital assets.

What kind of malware is Senator?

Through our analysis of the Senator malware, we determined that it is ransomware employed by cybercriminals to coerce victims to pay a ransom. We discovered Senator ransomware while examining malware samples on VirusTotal. In addition to encrypting files, Senator modifies filenames and drops a ransom note ("SENATOR ENCRYPTED.txt").

Senator renames files by appending an email address, victim's ID, and ".SENATOR" extension to filenames. For example, it renames "1.jpg" to "1.jpg.EMAIL=[senatorrans@gmail.com]ID=[A42C7FF44C09822A].SENATOR", "2.png" to "2.png.EMAIL=[senatorrans@gmail.com]ID=[A42C7FF44C09822A].SENATOR", and so forth.

What kind of email is "HSBC Transfer Request"?

After reviewing the "HSBC Transfer Request" email, we determined that it is fake. The spam letter is presented as a banking transfer request from HSBC; this lure is used to deceive recipients into disclosing their email log-in credentials to a phishing website.

It must be stressed that this mail is not associated with HSBC Holdings plc or any other legitimate entities.

What kind of malware is Lethal Lock?

In the course of our inspection of malware samples submitted to VirusTotal, we came across a ransomware variant dubbed Lethal Lock. This ransomware encrypts files and appends its extension to filenames (".LethalLock"). Also, Lethal Lock generates a ransom note ("SOLUTION_NOTE.txt") and changes the victim's desktop wallpaper.

An example of how files encrypted by Lethal Lock are renamed: "1.jpg" is changed to "1.jpg.LethalLock", "2.png" to "2.png.LethalLock", and so forth.

What is My Horoscope Pro?

During our examination of the My Horoscope Pro application, we discovered that it changes the settings of a web browser to promote a specific address. Our analysis concluded that My Horoscope Pro is an unreliable browser extension that operates as a browser hijacker. Users should avoid adding apps of this type to browsers.

What is "Notification Concerning Your Netflix Account"?

While examining the mail, we discovered it to be a phishing email, a fraudulent attempt to extract personal information from recipients. This letter is disguised as a notification from Netflix regarding the recipient's Netflix account. Anyone who receives this letter should disregard it.

What kind of scam is "Claim $ORA"?

Upon reviewing the website, it became evident that it portrays itself as a credible platform for acquiring cryptocurrency. Yet, our investigation revealed its fraudulent nature, designed to deceive unsuspecting users into undertaking actions that result in financial losses, such as the theft of their cryptocurrency.

What kind of scam is "Zora Mint"?

"Zora Mint scam" refers to fake websites that imitate Zora (zora.co). These fraudulent pages entice users into exposing their digital wallets by offering NFT (Non-Fungible Token) minting (i.e., creating) opportunities. This scam operates as a cryptocurrency drainer.