Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "Mailbox Restriction Notice"?

After examining the "Mailbox Restriction Notice" email, we determined that it is spam used to run a phishing scam. This letter makes false claims regarding the suspension of the recipient's email account due to a lack of storage space. The aim is to promote a phishing site targeting email account log-in credentials.

What kind of malware is Buhti?

Buhti is ransomware targeting both Windows and Linux systems. The Buhti ransomware payload, designed to target Windows computers, is a variant of the previously leaked LockBit 3.0 ransomware with minor modifications. In order to attack Linux systems, Buhti ransomware utilizes a modified version of the leaked Babuk ransomware.

Buhti encrypts files and replaces their filenames with a string of random characters, and appends the victim's ID as their extension. For instance, it replaces "1.jpg" with "4G8of7O.fxkJts2wg", "2.png" with "HePwiFM.fxkJts2wg", and so forth. Buhti also drops a ransom note named "[victim's_ID].README.txt".

What kind of malware is Kraken?

Kraken is a malware that empowers threat actors to illicitly acquire diverse sensitive information from different web browsers and applications. The creators of Kraken offer it for sale on a hacker forum, with pricing options of $29 for 30 days, $49 for 90 days, and $69 for 180 days. Cybercriminals have been observed distributing Kraken through email.

What kind of page is koddams[.]xyz?

Koddams[.]xyz is a rogue page that we discovered during a routine inspection of untrustworthy websites. It attempts to deceive visitors into enabling its browser notification delivery. Additionally, this webpage can redirect users to different (likely dubious/malicious) sites.

Most visitors to pages like koddams[.]xyz enter them through redirects generated by websites using rogue advertising networks.

What kind of malware is EXISC?

EXISC is a ransomware-type program that we discovered while investigating new submissions to the VirusTotal site. It is designed to encrypt data and demand payment for its decryption.

After we executed a sample of this ransomware on our testing system, it encrypted files and appended their titles with a ".EXISC" extension. For example, an original filename such as "1.jpg" appeared as "1.jpg.EXISC", "2.png" as "2.png.EXISC", etc.

Afterwards, EXISC created a ransom note named "Please Contact Us To Restore.txt"; based on the message therein, it is evident that this ransomware targets large entities rather than home users.

What kind of page is topsadrettin[.]com?

During our analysis of topsadrettin[.]com, we identified that the website exhibits a deceptive message and prompts visitors to grant permission to display notifications. Moreover, topsadrettin[.]com has the potential to redirect users to other dubious websites. We encountered topsadrettin[.]com while investigating sites that utilize shady advertising networks.

What kind of page is unasc.co[.]in?

During our investigation of unasc.co[.]in, our team uncovered its use of deceptive content designed to deceive visitors into subscribing to push notifications. Additionally, unasc.co[.]in may lead to other shady websites. Our encounter with unasc.co[.]in occurred while examining various pages that use rogue advertising networks.

What kind of page is tophome24[.]com?

During our examination of tophome24[.]com, we observed its intention to display untrustworthy notifications. Tophome24[.]com employs a misleading message designed to entice visitors into granting permission to receive its notifications. Our discovery of tophome24[.]com occurred while investigating other suspicious websites.

What kind of page is valeuceplangka[.]com?

In the course of our investigation into suspicious advertising networks, our team encountered valeuceplangka[.]com. This website is purposefully created to trick users into subscribing to its notifications and may be able to redirect visitors to other shady pages. It is rare for users to visit such pages intentionally.

What kind of page is rondureblog[.]com?

We discovered the rondureblog[.]com page during a routine investigation of dubious websites. It promotes browser notification spam and redirects users to other (likely untrustworthy/hazardous) sites. Most visitors to rondureblog[.]com and similar webpages access them via redirects generated by sites that use rogue advertising networks.