Step-by-Step Malware Removal Instructions

PayPal - Order Has Been Completed Email Scam
Phishing/Scam

After inspecting the "PayPal - Order Has Been Completed" email, we determined that it is spam. This letter is presented as a notification regarding a successful purchase made via PayPal. This spam mail aims to trick recipients into calling the provided helpline and thus getting lured into the sca

Arashpar.xyz Ads
Notification Spam

Arashpar[.]xyz is a rogue webpage that we discovered while inspecting questionable websites. It is designed to promote browser notification spam and redirect users to different (likely unreliable/harmful) sites. Most visitors to arashpar[.]xyz and similar pages access them via redirects caused by

WhiskerSpy Backdoor
Trojan

WhiskerSpy is the name of backdoor malware. Malware of this type is used to gain remote access to computers. It is known that WhiskerSpy is capable of executing shell commands, injecting code into another process, exfiltrating specific files, taking screenshots, and more. It should be removed from

Saw Ransomware
Ransomware

While investigating new submissions to VirusTotal, we found a malicious program called Saw. It is part of the Xorist ransomware family, and like all programs within this group, Saw is designed to encrypt data and demand payment for its decryption. After we executed a sample of Saw ransomware on

Getnomadtblog.com Ads
Notification Spam

Getnomadtblog[.]com is a deceptive website that attempts to trick visitors into subscribing to its notifications. This site may also redirect visitors to other pages of similar nature. Our team uncovered getnomadtblog[.]com while investigating illegal movie streaming websites, torrent sites, and s

BRUH (Chaos) Ransomware
Ransomware

BRUH is ransomware based on Chaos ransomware. We discovered this ransomware strain while inspecting malware samples submitted to the VirusTotal page. BRUH encrypts data, appends a random extension (four random characters) to filenames, changes the desktop wallpaper, and drops the "read_it.txt" fil

Iotr Ransomware
Ransomware

Iotr is ransomware that belongs to the Djvu ransomware family. Our team discovered this ransomware on VirusTotal while analyzing malware samples submitted to the page. Iotr encrypts files and adds the ".iotr" extension to their filenames. Additionally, it drops the "_readme.txt" file, which contai

Iowd Ransomware
Ransomware

Our analysis of malware samples submitted to VirusTotal has revealed the existence of a new variant of the Djvu ransomware family, dubbed Iowd. Its main objective is to encrypt files on an infected system. Also, Iowd appends the ".iowd" extension to filenames and creates the "_readme.txt" file wit

Ioqa Ransomware
Ransomware

After analyzing malware samples submitted to VirusTotal, we have identified a new ransomware variant known as Ioqa, which is a member of the Djvu ransomware family. The primary objective of Ioqa is to encrypt files on the infected system. As part of the encryption process, Ioqa renames the affecte

Itspeedg.com Ads
Notification Spam

Itspeedg[.]com is a rogue webpage discovered by our researchers during a routine investigation of untrustworthy websites. This page is designed to promote dubious/hazardous software and browser notification spam. Furthermore, it can redirect visitors to other (likely unreliable/malicious) sites.