Step-by-Step Malware Removal Instructions

Intesa Sanpaolo Email Scam
Phishing/Scam

Intesa Sanpaolo Email Scam

We have inspected this letter and determined that it is a phishing email. Scammers behind it pose as a legitimate banking company (Intesa Sanpaolo). Their goal is to lure recipients into providing login information on a fake web page. Recipients should ignore this letter. The letter is wri

DarkBit Ransomware
Ransomware

DarkBit Ransomware

DarkBit is a ransomware we discovered while investigating new malware submissions to VirusTotal. It operates by encrypting data and demanding ransoms for decryption. Once we launched a sample of DarkBit on our testing system, it began encrypting files and altering their filenames. Affected files

Pdb Ransomware
Ransomware

Pdb Ransomware

While checking the VirusTotal site for recently submitted malware samples, our team discovered a ransomware strain dubbed Pdb. This ransomware encrypts data, appends the ".pdb" extension to filenames, and drops the "pdb.txt" file that contains a ransom note. An example of how Pdb ransomware renam

Blockedvideos.xyz Ads
Notification Spam

Blockedvideos.xyz Ads

Blockedvideos[.]xyz is a rogue page we discovered while inspecting dubious websites. It operates by promoting browser notification spam and redirecting visitors to different (likely untrustworthy/harmful) sites. Most users access pages like blockedvideos[.]xyz through redirects caused by webpages

Pay (VoidCrypt) Ransomware
Ransomware

Pay (VoidCrypt) Ransomware

While analyzing malware samples submitted to VirusTotal, our team discovered a ransomware strain dubbed Pay. We found that Pay is part of the VoidCrypt ransomware family. It encrypts files, appends the paydecryption@gmail.com email address, victim's ID, and ".pay" extension to filenames, and drops

Ninoglostoay.com Ads
Notification Spam

Ninoglostoay.com Ads

While analyzing ninoglostoay[.]com, we found that it shows a deceptive message and asks for permission to show shady notifications. Our team discovered ninoglostoay[.]com while examining sites that use rogue advertising networks. It is uncommon for pages like ninoglostoay[.]com to be accessed inte

Hhee Ransomware
Ransomware

Hhee Ransomware

The Hhee ransomware is a variant of the Djvu family that our team discovered during an analysis of samples on VirusTotal. Hhee operates by encrypting data and adding the ".hhee" extension to the affected files. Upon completion of the encryption process, the ransomware drops a ransom note in the fo

Hhmm Ransomware
Ransomware

Hhmm Ransomware

Our cybersecurity team recently uncovered a new strain of ransomware called Hhmm while analyzing malware samples submitted to VirusTotal. Further investigation revealed that Hhmm is a member of the notorious Djvu ransomware family. The malware operates by encrypting files, appending the ".hhmm" ex

Transitnotice.com Ads
Notification Spam

Transitnotice.com Ads

Transitnotice[.]com is a rogue page that we discovered while checking out suspicious websites. It is designed to push browser notification spam and redirect users to other (likely unreliable/hazardous) sites. Most visitors to transitnotice[.]com and similar webpages enter them via redirects caused

Onenomadtstore.com Ads
Notification Spam

Onenomadtstore.com Ads

While investigating suspicious websites, our researchers discovered the onenomadtstore[.]com rogue page. It endorses browser notification spam and redirects visitors to other (likely unreliable/harmful) sites. Users typically access such webpages via redirects caused by websites that use rogue adv