Virus and Spyware Removal Guides, uninstall instructions

What is the "SGBM" scam email?

"SGBM email virus" is the name of a malware-proliferating spam campaign. The term "spam campaign" defines a mass-scale operation during which thousands of deceptive emails are sent.

The letters distributed through this campaign - are presented as product quotations. The file attached to these scam emails supposedly contains the quotation; however, it triggers download/installation of the FormBook malicious program - upon opening.

What is allcommonblog[.]com?

Usually, pages like allcommonblog[.]com are promoted via untrustworthy websites, deceptive advertisements, or potentially unwanted applications (PUAs). Users do not visit them intentionally.

These pages are designed to load their dubious content and open other sites of this kind. It is worthwhile to mention that most PUAs are promoted using deceptive methods.

Therefore, most of them get downloaded and installed accidentally. More examples of pages that are more or less similar to allcommonblog[.]com are ribngh[.]com, wholecommonposts[.]com, and nipwaghue[.]com.

What is "SHIBA (SHIB) Giveaway"?

"SHIBA (SHIB) Giveaway" is a scam promoted on various deceptive sites. This fake giveaway promises twice the return in Shiba Inu coin/ Shiba Token (SHIB) cryptocurrency that users invest in it.

In other words, the scam asks users to transfer at least 200,000,000 SHIB to the provided address and promises that they will immediately receive two times the amount back. It must be emphasized that this giveaway and all of its claims are false.

Hence, victims of this scheme will not receive the doubled amount, and they will also lose what they have already transferred to the scam. Deceptive websites are rarely accessed intentionally.

Most users enter them via mistyped URLs, redirects caused by intrusive advertisements, or have the webpages force-opened by installed PUAs (Potentially Unwanted Applications).

What is ProType?

Browser hijacker is a form of potentially unwanted application (PUA) that modifies browser's settings to promote an address of a fake search engine.

ProType changes browser's settings to search.82paodatc.com. Additionally, this browser hijacker adds "Managed by your organization" to Google Chrome browsers.

It is noteworthy that the majority of apps like ProType collect browsing data. They are called PUAs because most of them get downloaded and installed unintentionally.

What is "Krunker Hacks Krunker.io Aimbot + ESP Gen"?

"Krunker Hacks Krunker.io Aimbot + ESP Gen" is the name of an adware-type browser extension. This piece of rogue software claims to be a hacking tool for the Krunker.io First-Person Shooter (FPS) 3D browser game.

Amongst its fake features are FPS aimbot abilities, ESP (Extra Sensory Perception) cheats, and Krunkies (KR) in-game currency generator. However, instead of enabling users to use the promised functions, this browser extension runs intrusive advertisement campaigns.

Additionally, adware typically collects browsing-related and other vulnerable information. Hence, "Krunker Hacks Krunker.io Aimbot + ESP Gen" likely has such data tracking abilities.

Due to the dubious methods used to distribute adware-types, they are also considered to be PUAs (Potentially Unwanted Applications).

What is the Bizarro trojan?

Bizarro is the name of a banking trojan. This type of malware is designed to target banking information.

Furthermore, these trojans often have additional abilities that expand their area of interest outside of online banks. This applies to Bizarro as well.

The trojan in question is a sophisticated piece of malicious software with many functionalities. It uses strong obfuscation techniques that hinder its detection and analysis.

Bizarro is particularly active in South America and Europe; its target lists include over seventy banks from these continents. Bizarro employs social engineering in its distribution and post-infection operations.

What is Vjw0rm?

Vjw0rm is the name of a modular JavaScript remote administration trojan (RAT) which is publicly available for download on the Internet. This trojan can function as an information stealer and spread itself via removable drives.

Also, it can be used for Denial of service (DoS) attacks and intermediate for malware distribution. Research shows that one of the ways cybercriminals use to proliferate Vjw0rm is a phishing campaign (email containing a malicious attachment or link).

What is the "EuroLine Windows Exchange" scam email?

"EuroLine Windows Exchange email scam" refers to a spam campaign - a large-scale operation during which thousands of deceptive emails are sent. The letters distributed through this campaign - supposedly have a copy of payment documentation attached to them, the reception of which users are asked to confirm.

Instead of containing the proclaimed information, the phishing attachment is designed to trick users' into providing their email account log-in credentials (i.e., email addresses and passwords). Therefore by trusting these scam letters, users can have their email accounts stolen.

What is Dogelon Mars (ELON) giveaway scam?

One of the most popular crypto-related scam types is a giveaway scam offering participants a chance to multiply their cryptocurrency, for example, to get back double the amount of cryptocurrency deposit. It is common that scammers use names of well-known people (e.g., Elon Musk, Steve Wozniak) to trick people into sending them cryptocurrency.

Cryptocurrency transactions on the Bitcoin, Ethereum, and other networks are irreversible. Therefore, people who fall for these giveaway scams lose their money/cryptocurrency without a chance to get them back.

What is Matryoshka?

Ransomware is a form of malware that makes files inaccessible by encrypting them. Usually, victims cannot decrypt files without a decryption tool that can be provided only by the attackers.

Matryoshka encrypts and renames files. It appends the ".matryoshka" extension to their filenames.

For example, it renames a file named "1.jpg" to "1.jpg.matryoshka", "2.jpg" to "2.jpg.matryoshka", and so forth.

Matryoshka displays a pop-up window as its ransom note. It contains instructions on how to pay for data decryption and other information.