Step-by-Step Malware Removal Instructions

CovalentStealer Malware
Trojan

CovalentStealer is an info-stealing malware that identifies file shares on a system, categorizes the files, and then exfiltrates (uploads) them to a remote server controlled by threat actors. CovalentStealer stores gathered files on OneDrive. It is known that it was used as a payload when targetin

Your Device Apple iPhone Has Been Hacked POP-UP Scam (Mac)
Mac Virus

"Your Device Apple iPhone Has Been Hacked" is a scam that our researchers discovered while inspecting dubious websites. As the name implies, it claims that the visitor's iPhone has been infected and hacked. It must be emphasized that no site can detect such (or other) issues on users' devices -

Cool baro Browser Hijacker
Browser Hijacker

Cool baro is a browser extension designed to promote barosearch.com by hijacking a web browser. Barosearch.com is a fake search engine that does not generate its own results. Typically, users download and add browser hijackers to browsers (or install them on computers) inadvertently. Cool

Webregadvertising.com Ads
Notification Spam

The purpose of webregadvertising[.]com is to trick visitors into allowing it to show notifications. Additionally, it redirects them to other websites. Our team encountered webregadvertising[.]com while examining other websites that use rogue advertising networks. It is uncommon for pages like webr

Tohj Ransomware
Ransomware

Our researchers discovered yet another malicious program - Tohj - belonging to the Djvu ransomware family while inspecting new submissions to VirusTotal. Ransomware encrypts data and demands payment for decryption. Once we executed a sample of Tohj on our test system, it began encrypting files. T

Oneqanatclub.com Ads
Notification Spam

While analyzing oneqanatclub[.]com, we learned that it requests visitors to pass a fake CAPTCHA (it shows deceptive content to lure visitors into agreeing to receive notifications). It also redirects visitors to other websites of this type. Our team discovered oneqanatclub[.]com while inspecting w

Towz Ransomware
Ransomware

Our team discovered another Djvu ransomware called Towz that encrypts files to make them inaccessible until a ransom is paid. We also found that Towz appends the ".towz" extension to filenames and creates the "_readme.txt" file (a file containing contact and payment information). This ransomware w

InformationLeader Adware (Mac)
Mac Virus

InformationLeader is an advertising-supported application (adware) that bombards users with annoying advertisements. We discovered this app after using a fake installer downloaded from a website claiming that it is required to update the Adobe Flash Player. It is not uncommon for apps like Infor

Lostdata Ransomware
Ransomware

Lostdata is ransomware that encrypts files, replaces their names with an email address and a string of random characters, and appends the ".cbf" extension to filenames. Also, Lostdata changes the desktop wallpaper (with a short ransom note on it). Our malware researchers discovered Lostdata ransom

Lundiapoditing.com Ads
Notification Spam

While investigating questionable sites, our researchers found the lundiapoditing[.]com rogue webpage. It is designed to push browser notification spam and redirect visitors to different (likely unreliable or malicious) websites. Lundiapoditing[.]com and similar pages are most commonly entered thr