Step-by-Step Malware Removal Instructions

Ducktail PHP Stealer
Trojan

Ducktail PHP Stealer

Ducktail is the name of an information-stealing malware. Earlier, Ducktail (.NetCore version) was used to steal Facebook Business accounts (threat actors targeted people with Facebook Business Accounts). Now, this malware (PHP version of Dukctail) is being used to steal all types of accounts (inc

Vital-scanner.com Ads
Notification Spam

Vital-scanner.com Ads

We discovered the vital-scanner[.]com rogue webpage while inspecting dubious sites. This page is designed to promote scams, push spam browser notifications, and redirect users to different (likely unreliable/harmful) websites. Most visitors to vital-scanner[.]com and similar webpages enter them v

Internal-scanning.com Ads
Notification Spam

Internal-scanning.com Ads

Internal-scanning[.]com is a rogue page that runs scams, promotes browser notification spam, and redirects visitors to other (likely unreliable/dangerous) sites. Our researchers discovered this untrustworthy webpage while inspecting websites that use rogue advertising networks. Typically, pages l

CMLOCKER Ransomware
Ransomware

CMLOCKER Ransomware

Our researchers discovered the CMLOCKER ransomware-type program while investigating new submissions to VirusTotal. It operates by encrypting data and demanding ransoms for the decryption keys/tools. After we executed a sample of CMLOCKER on our test machine, it encrypted files and appended their

AMERICAN GLOBAL TRADE Email Scam
Phishing/Scam

AMERICAN GLOBAL TRADE Email Scam

While investigating this email, we found that it is a scam email written by scammers who aim to lure unsuspecting recipients into opening the attached file. Scammers disguised this email as a letter from a company called AMERICAN GLOBAL TRADE regarding a new purchase order. It is strongly recommen

Powersoftwarepc.com Ads
Notification Spam

Powersoftwarepc.com Ads

We examined powersoftwarepc[.]com and learned that it is a deceptive page running the "McAfee - Your PC is infected with 5 viruses!" scam. Additionally, this website wants to show notifications. Our team discovered powersoftwarepc[.]com while analyzing shady web pages that use rogue advertising ne

RONALDIHNO ENCRYPTER Ransomware
Ransomware

RONALDIHNO ENCRYPTER Ransomware

RONALDIHNO ENCRYPTER is ransomware - a type of malware that uses cryptography to encrypt files (to make them inaccessible). Also, this particular ransomware appends the ".r7" extension to filenames, changes the desktop wallpaper, and creates the "READ_THIS.txt" (a ransom note). We discovered RONAL

Power-stability.com Ads
Notification Spam

Power-stability.com Ads

While checking out suspicious websites, our researchers discovered the power-stability[.]com rogue page. It promotes deceptive material, pushes spam browser notifications, and redirects users elsewhere (likely untrustworthy/malicious sites). Most visitors to power-stability[.]com and similar webp

Webprotectionsurveys.live Ads
Notification Spam

Webprotectionsurveys.live Ads

Webprotectionsurveys[.]live is a rogue site that our researchers found while inspecting dubious webpages. It operates by running scams, promoting spam browser notifications, and redirecting visitors to other (likely untrustworthy/harmful) websites. Users typically enter pages like webprotectionsu

New Order Email Scam
Phishing/Scam

New Order Email Scam

While investigating this email, we found that it is a scam email. Scammers behind it aim to trick recipients into opening a phishing website and providing information on it. The email is disguised as an inquiry letter regarding some order. This email should be ignored, and its hyperlink should be