Virus and Spyware Removal Guides, uninstall instructions

What is Maxtrilha?

Maxtrilha is the name of a banking trojan. This piece of malicious software is designed to target victims' banking accounts and their log-in credentials. Maxtrilha has been especially active in Latin America and certain countries in Europe (notably Portugal). This malware has been observed being spread through phishing spam campaigns.

What is !secure ransomware?

!secure is a piece of malicious software categorized as ransomware. It encrypts data (renders files inaccessible) and demands payment for the decryption (access recovery).

Affected files are prepended with the cyber criminals' email address and a unique ID assigned to the victims, they are also appended with a ".!secure" extension. Therefore, a file initially titled "1.jpg" would appear as something similar to "{notsosecure@firemail.cc}.ID=34GI7BEH.1.jpg.!secure". Afterwards, two ransom notes - "!README!.hta" and "!README!.txt" - are created.

What is Void68 ransomware?

Void68 blocks access to files (it encrypts them) and modifies their filenames. It appends the ".void" extension to the filename of every encrypted file. For example, it renames "1.jpg" to "1.jpg.void", "2.jpg" to "2.jpg.void". Void68 also changes the desktop wallpaper to an image containing a ransom note and creates the "nyiss meg.txt" file.

What is PasswordStealer Spyware?

Password stealers are malicious programs that people often install on their computers inadvertently. Once installed, they stealthily collect sensitive information. In most cases, they target details such as login credentials (usernames, passwords), credit card details, and other personal information.

They can also be designed to gather information regarding an infected system (connected users, network activity, installed antivirus and other software, etc.). Additionally, some of these malicious programs are capable of installing additional malware onto the computer and/or adding the computer to a botnet.

What is musttrust[.]xyz?

Musttrust.xyz is a fake search engine. Fraudulent web searchers like musttrust[.]xyz are usually promoted by PUAs (Potentially Unwanted Applications) categorized as browser hijackers. The Find browser hijacker has been noted promoting musttrust[.]xyz; what is noteworthy is that this rogue extension uses sophisticated persistence-ensuring tactics to stop users from recovering their browsers.

What kind of page is serviceone[.]info?

Serviceone[.]info has two purposes: to open various untrustworthy pages and to rick visitors into clicking the "Allow" button/agreeing to receive notifications. It shares these purposes with get-positive[.]net, positiveweb[.]org, captchamodern[.]top, and many other websites.

What is peatea[.]xyz?

Peatea.xyz is the URL (address) of a fake search engine. Typically, such web searchers are promoted by PUAs (Potentially Unwanted Applications) classified as browser hijackers.

The peatea[.]xyz web searcher has been observed being promoted by a browser hijacker called Find. What is noteworthy about this piece of software is that it uses sophisticated persistence-ensuring techniques - to prevent users from restoring their browsers.

What is Ltnuhr ransomware?

Ltnuhr encrypts files, then restarts a computer and displays a message on a black screen. It renames encrypted files by appending the ".ltnuhr" extension (for instance, it renames "1.jpg" to "1.jpg.ltnuhr", "2.jpg" to "2.jpg.ltnuhr"). Also, Ltnuhr creates the "RESTORE_FILES_INFO.txt" file, a ransom note.

What is "Network Solutions" email scam?

"Network Solutions email scam" refers to a phishing spam campaign. The spam emails are disguised as storage-related notifications from Network Solutions - a legitimate technology company that is a subsidiary of Web.com, one of the largest .com domain name registrars. It must be emphasized that these emails are in no way associated with the genuine Network Solutions company.

This spam mail aims to trick recipients into exposing their email account log-in credentials through a phishing website, presented as their email provider's sign-in page.

What kind of page is xdwhatijunn[.]xyz?

Xdwhatijunn[.]xyz has two purposes: to get permission to show notifications and promote shady web pages. It is more or less similar to positiveweb[.]org, towercaptcha[.]top, apel[.]top, and hundreds of other sites. Users open these sites unintentionally, for example, through untrustworthy ads or websites.