Virus and Spyware Removal Guides, uninstall instructions

WMS Technologies Email Virus

What is WMS Technologies Email Virus?

One of the channels cybercriminals use to distribute malware is email. In such cases, they pretend to be legitimate companies, organizations, etc., and include a malicious attachment or a link to a download page for a malicious file in their email.

Their main goal is to trick recipients into downloading and opening a malicious file. The purpose of this malspam campaign is to trick recipients into opening a malicious Microsoft Excel document that can install different malicious programs, e.g., AZORult, AgentTesla, Snake Keylogger, LokiBot, Oski Stealer.

   
Maximus-time.com Ads

What is maximus-time[.]com?

Maximus-time[.]com is a page very similar to video-change[.]digital, enquiryofh[.]fun, captcharesolving-universe[.]com, and a great number of other shady sites designed to promote other pages of this kind or load their deceptive content. Usually, users do not visit them intentionally: the pages open after users click deceptive ads or visit questionable websites.

It is also common for browsers to open untrustworthy websites because a potentially unwanted application (PUA) is installed on them. It is recommended not to visit pages like maximus-time[.]com or have any PUA installed on a browser or the operating system.

   
Mammon Ransomware

What is Mammon?

Ransomware is a form of malware that is designed to prevent victims from accessing their files. In most cases, it encrypts files with a strong encryption algorithm, renames them, and displays or creates (or both) a ransom note.

Mammon is part of the Makop ransomware family. This ransomware variant encrypts files and appends a string of random characters (in this case, 9B83AE23), the mammon0503@tutanota.com email address, and the ".mammon" extension to their filenames.

For example, it renames a file named "1.jpg" to "1.jpg.[9B83AE23].[mammon0503@tutanota.com].mammon", "2.jpg" to "2.jpg.[9B83AE23].[mammon0503@tutanota.com].mammon", and so on. Also, Mammon creates the "readme-warning.txt" text file (its ransom note) in each folder that contains encrypted data.

   
Seojoong Logistics DMCC Email Virus

What is the "Seojoong Logistics DMCC" scam email?

"Seojoong Logistics DMCC email virus" refers to a malware-proliferating spam campaign. This term defines a large-scale operation during which deceptive emails are sent by the thousand.

The letters distributed through this campaign request recipients to confirm their delivery order and review the bill of lading (B/L). However, instead of containing the stated document, the file attached to the scam emails contains FormBook malware.

This malicious program is designed to extract sensitive information from infected systems and perform specific commands on them.

   
Job Search Browser Hijacker

What is Job Search?

Job Search is a piece of software endorsed as a tool for quick access to job-related content. To elaborate, it allows users to access job search sites, professional networking platforms, salary calculators, and job interview preparation material through a browser's homepage.

However, replacing/altering browser homepages and promoting search engines are qualities typical of browser hijackers. Software within this classification typically modifies browsers and restricts/denies access to their settings in order to promote fake web searching tools.

In the case of Job Search, it does not cause redirects to illegitimate web searchers; instead, it promotes the Bing search engine. Additionally, browser hijackers often spy on users' browsing activity.

Job Search might have such data tracking abilities, though it does not ask permission to access private information. Since most users download/install browser hijackers unintentionally, they are also classified as PUAs (Potentially Unwanted Applications).

   
Conf Search Browser Hijacker (Mac)

What is Conf Search?

A browser hijacker is a type of app that promotes a fake search engine (its address). It hijacks a browser by changing its settings.

Conf Search promotes the conf-search.com address. Also, this browser hijacker adds the "Managed by your organization" feature on Google Chrome browsers.

Apps of this type are commonly designed to collect some information about their users (browsing data). It is likely that Conf Search gathers data too.

Usually, users download and install browser hijackers unknowingly; for this reason, they are called potentially unwanted applications (PUAs).

   
Cardano Giveaway Scam

What is Cardano giveaway scam?

Cardano is the name of a legitimate blockchain platform, and the cryptocurrency that operates on its network is called ADA. There are many cryptocurrency giveaway scams on the Internet that offer a certain amount of cryptocurrency in exchange for a contribution to the "giveaway".

Simply put, scammers behind such scams attempt to steal cryptocurrency from unsuspecting people. Scam websites (fake giveaways) like this one are commonly promoted through deceptive advertisements, other shady pages, videos on YouTube, or potentially unwanted applications (PUAs) that users unknowingly install on their browsers or computers.

   
Sandro RAT (Android)

What is Sandro RAT?

Sandro is a piece of malicious software, classified as a RAT (Remote Access Trojan). This malware type enables remote access and control over a compromised device.

RATs can allow control over infected machines that is close to, or at, user level. Hence, these trojan infections can lead to a wide variety of severe issues. The Sandro RAT targets Android operating systems.

   
TeaBot Malware (Android)

What kind of malware is TeaBot?

TeaBot is a piece of malicious software categorized as a banking trojan with RAT (Remote Access Tool/Trojan) capabilities. This malware targets Android operating systems.

Its primary functionality is extraction of information related to online banking. At the time of research, its target list included more than sixty European banks.

TeaBot also operates as a RAT; hence, it can enable remote access and control over infected devices. Malicious programs of this type can allow for near-limitless control over compromised machines.

   
Coms Ransomware

What is Coms ransomware?

Coms is a piece of malicious software, which is part of the Dharma ransomware family. Systems infected with this malware have their data encrypted (files are rendered inaccessible/unusable) and receive ransom demands for the decryption (access/use recovery).

As this ransomware encrypts, files are renamed following this pattern: original filename, unique ID assigned to victims, cyber criminals' email address, and the ".coms" extension.

For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[golbnaty@aol.com].coms" after encryption. Once this process is complete, ransom notes are displayed/created in a pop-up window and a "FILES ENCRYPTED.txt" text file.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
