Virus and Spyware Removal Guides, uninstall instructions

ProType Browser Hijacker (Mac)

What is ProType?

A browser hijacker is a form of potentially unwanted application (PUA) that modifies a browser's settings to promote the address of a fake search engine.

ProType changes the browser's settings to search.82paodatc.com. Additionally, this browser hijacker adds "Managed by your organization" to Google Chrome browsers.

It is noteworthy that the majority of apps like ProType collect browsing data. They are called PUAs because most of them get downloaded and installed unintentionally.

   
Krunker Hacks Krunker.io Aimbot + ESP Gen Adware

What is "Krunker Hacks Krunker.io Aimbot + ESP Gen"?

"Krunker Hacks Krunker.io Aimbot + ESP Gen" is the name of an adware-type browser extension. This piece of rogue software claims to be a hacking tool for the Krunker.io First-Person Shooter (FPS) 3D browser game.

Amongst its fake features are FPS aimbot abilities, ESP (Extra Sensory Perception) cheats, and a Krunkies (KR) in-game currency generator. However, instead of enabling users to use the promised functions, this browser extension runs intrusive advertisement campaigns.

Additionally, adware typically collects browsing-related and other sensitive information. Hence, "Krunker Hacks Krunker.io Aimbot + ESP Gen" likely has such data tracking abilities.

Due to the dubious methods used to distribute adware-type applications, they are also considered to be PUAs (Potentially Unwanted Applications).

   
Bizarro Trojan

What is the Bizarro trojan?

Bizarro is the name of a banking trojan. This type of malware is designed to target banking information.

Furthermore, these trojans often have additional abilities that expand their area of interest outside of online banks. This applies to Bizarro as well.

The trojan in question is a sophisticated piece of malicious software with many functionalities. It uses strong obfuscation techniques that hinder its detection and analysis.

Bizarro is particularly active in South America and Europe; its target lists include over seventy banks from these continents. Bizarro employs social engineering in its distribution and post-infection operations.

   
Vjw0rm Malware

What is Vjw0rm?

Vjw0rm is the name of a modular JavaScript remote administration trojan (RAT) which is publicly available for download on the Internet. This trojan can function as an information stealer and spread itself via removable drives.

It can also be used for denial-of-service (DoS) attacks and as an intermediary for malware distribution. Research shows that one of the ways cybercriminals proliferate Vjw0rm is a phishing campaign (an email containing a malicious attachment or link).

   
EuroLine Windows Exchange Email Scam

What is the "EuroLine Windows Exchange" scam email?

"EuroLine Windows Exchange email scam" refers to a spam campaign: a large-scale operation during which thousands of deceptive emails are sent. The letters distributed through this campaign supposedly have a copy of payment documentation attached to them, the receipt of which users are asked to confirm.

Instead of containing the proclaimed information, the phishing attachment is designed to trick users into providing their email account log-in credentials (i.e., email addresses and passwords). Therefore, by trusting these scam letters, users can have their email accounts stolen.

   
Dogelon Mars (ELON) Giveaway Scam

What is the Dogelon Mars (ELON) giveaway scam?

One of the most popular crypto-related scam types is a giveaway scam offering participants a chance to multiply their cryptocurrency, for example, to get back double the amount of the cryptocurrency deposited. Scammers commonly use the names of well-known people (e.g., Elon Musk, Steve Wozniak) to trick people into sending them cryptocurrency.

Cryptocurrency transactions on the Bitcoin, Ethereum, and other networks are irreversible. Therefore, people who fall for these giveaway scams lose their money/cryptocurrency without a chance to get them back.

   
Matryoshka Ransomware

What is Matryoshka?

Ransomware is a form of malware that makes files inaccessible by encrypting them. Usually, victims cannot decrypt files without a decryption tool that can be provided only by the attackers.

Matryoshka encrypts and renames files. It appends the ".matryoshka" extension to their filenames.

For example, it renames a file named "1.jpg" to "1.jpg.matryoshka", "2.jpg" to "2.jpg.matryoshka", and so forth.

Matryoshka displays a pop-up window as its ransom note. It contains instructions on how to pay for data decryption and other information.

   
Sal13 Ransomware

What is the Sal13 ransomware?

Belonging to the Xorist ransomware family, Sal13 is a malicious program that operates by encrypting data and demanding payment for the decryption. In other words, systems infected with Sal13 have their files rendered inaccessible/useless and are issued demands for the access/use recovery.

During the encryption process, affected files are appended with the ".Sal13" extension. To elaborate, a file initially titled something like "1.jpg" would appear as "1.jpg.Sal13", "2.jpg" as "2.jpg.Sal13", "3.jpg" as "3.jpg.Sal13", etc.

Once this process is complete, identical ransom notes are created/displayed in a pop-up window and "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" text files, which are dropped into compromised folders.

If the affected operating system does not have the Cyrillic alphabet installed, the text presented in the pop-up will appear as nonsensical gibberish. Furthermore, Sal13 ransomware changes the desktop wallpaper.

   
Your MAC Has Been Blocked Due To Suspicious Activity! POP-UP Scam (Mac)

What is the "Your MAC has been blocked due to suspicious activity!" scam?

Typically, scammers behind technical support scams claim to offer legitimate technical support services. Their websites display fake virus notifications stating that the device is infected with a virus or there is another problem that needs to be solved immediately.

The main purpose of such scams is to trick unsuspecting users into calling the provided number and then paying money for some unnecessary software or services, or providing remote access to a computer. It is noteworthy that users do not visit technical support scam websites on purpose.

Usually, these pages get opened through shady advertisements, websites, or installed potentially unwanted applications (PUAs).

   
Cesar Ransomware

What kind of malware is Cesar ransomware?

Cesar is the name of a malicious program belonging to the Dharma ransomware group. Systems infected with this malware have their data encrypted (files rendered inaccessible) and receive ransom demands for the decryption (access recovery).

During the encryption process, affected files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address, and ".cesar" extension. For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[yasomoto@tutanota.com].cesar" after encryption.

Once this process is complete, ransom-demanding messages are created/displayed in a pop-up window and a "FILES ENCRYPTED.txt" text file.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
