Step-by-Step Malware Removal Instructions

Tab Session Adware
Adware

Tab Session Adware

While checking out deceptive websites, our researchers discovered the Tab Session browser extension. It is presented as a productivity improvement tool that promises easy access and navigation on browsers. However, Tab Session operates as adware. This browser extension runs intrusive ad campaigns

XStealer Malware
Trojan

XStealer Malware

XStealer is a piece of malicious software designed to steal data. This stealer malware can exfiltrate browsing and user information. Therefore, XStealer infections endanger victims' privacy and safety. XStealer, like many stealers, begins its operation by gathering relevant device data (e.

Cipher Ransomware
Ransomware

Cipher Ransomware

While reviewing new submissions to VirusTotal, our research team found the Cipher ransomware. This malicious program is part of the MedusaLocker ransomware family. After a sample of Cipher was executed on our testing system, it began encrypting files and appended their names with a ".cipher" exte

Reportyouridentity.site Ads
Notification Spam

Reportyouridentity.site Ads

While investigating reportyouridentity[.]site, we found that it is a deceptive page designed to trick visitors into believing that their computers are infected. Also, reportyouridentity[.]site asks for permission to show notifications. Our team discovered reportyouridentity[.]site while inspecting

DHL Shipping Document/Invoice Receipt Email Scam
Phishing/Scam

DHL Shipping Document/Invoice Receipt Email Scam

Our analysis of the "DHL Shipping Document/Invoice Receipt" email revealed that it is fake. This spam letter is presented as a notification from DHL - a legitimate logistics, courier, delivery, and express mail company. This mail attempts to trick recipients into disclosing their email account log

TONEINS Trojan
Trojan

TONEINS Trojan

TONEINS is the name of a backdoor malware. This software is designed to open a "backdoor" for additional malicious components or programs into compromised systems. TONEINS, alongside TONESHELL and PUBLOAD, have been observed being distributed in cyberespionage campaigns particularly active in Asi

Uyit Ransomware
Ransomware

Uyit Ransomware

Uyit is ransomware that encrypts files, appends the ".uyit" extension to filenames, and drops a ransom note (the "_readme.txt") file. Uyit is one of the Djvu ransomware variants. We discovered it while checking the VirusTotal page for recently submitted malware samples. It is common for Djvu ranso

Timespace.top Ads
Notification Spam

Timespace.top Ads

Timespace[.]top is a rogue page that our researchers found while inspecting dubious websites. This webpage promotes spam browser notifications and can redirect visitors to other (likely deceptive/malicious) sites. Most users access pages like timespace[.]top via redirects caused by sites using ro

Trigona Ransomware
Ransomware

Trigona Ransomware

Trigona is ransomware that encrypts files and appends the "._locked" extension to filenames. Also, it drops the "how_to_decrypt.hta" file that opens a ransom note. An example of how Trigona renames files: it renames "1.jpg" to "1.jpg._locked", "2.png" to "2.png._locked", and so forth. It embeds t

Bazek Ransomware
Ransomware

Bazek Ransomware

Bazek is ransomware that our team discovered while checking the VirusTotal site for recently submitted malware samples. We found that it encrypts files, appends the ".bazek" extension to filenames, and drops the "README.txt" file containing a ransom note. Our team also learned that there are two