Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "Mercedes-Benz Lottery"?

After reviewing the email, we have determined that it is a fraudulent lottery scam. It falsely purports to be from the Mercedes-Benz company. The scammers behind it aim to deceive recipients into revealing personal information and potentially sending money. Recipients should not respond to this scam email and should delete it.

What kind of page is atthewon[.]buzz?

While inspecting websites that use questionable advertising networks, we discovered atthewon[.]buzz - a shady website that displays a deceptive message to lure visitors into agreeing to receive notifications. It is uncommon for such pages to be opened on purpose.

What kind of page is broforyou[.]me?

While analyzing broforyou[.]me, we learned that the purpose of this website is to trick visitors into allowing it to show notifications and redirect to other dubious sites. It displays deceptive content to receive permission to send notifications. We discovered broforyou[.]me while examining other shady pages.

What kind of page is allreqdusa[.]com?

Allreqdusa[.]com is a rogue page that our research team discovered while investigating suspicious websites. This webpage aims to deceive visitors into allowing it to display spam browser notifications. Additionally, allreqdusa[.]com can redirect users elsewhere (likely untrustworthy/malicious) sites.

Most visitors to such webpages enter them via redirects caused by websites using rogue advertising networks.

What kind of page is advdomenews[.]com?

Our researchers found the advdomenews[.]com rogue page while checking out untrustworthy websites. It operates by pushing browser notification spam and redirecting visitors to other (likely unreliable/malicious) sites. Most users access pages like advdomenews[.]com via redirects caused by websites that use rogue advertising networks.

What kind of page is astellihandl[.]xyz?

Our team examined astellihandl[.]xyz and found that it displays a deceptive message to trick visitors into agreeing to receive notifications. We also discovered that astellihandl[.]xyz redirects to another untrustworthy website. Thus, it is advisable not to trust astellihandl[.]xyz and pages opened through it.

What kind of malware is Sa58?

While examining malware samples submitted to VirusTotal, our team discovered ransomware dubbed Sa58. The purpose of this malware is to encrypt files. Additionally, Sa58 appends the ".sa58" extension to the filenames of all encrypted files and creates a ransom note (the "info.txt" file).

An example of how files encrypted by Sa58 ransomware are renamed: "1.jpg" is renamed to "1.jpg.sa58", "2.png" to "2.png.sa58", and so forth.

What kind of website is vipdatingtoday[.]top?

While analyzing vipdatingtoday[.]top, we learned that it uses a clickbait technique to lure visitors into allowing it to show notifications. Also, it redirects to other shady pages. Thus, vipdatingtoday[.]top is not a trustworthy website. We discovered it while inspecting other sites of this kind.

What kind of page is news-lihuve[.]com?

News-lihuve[.]com is a rogue webpage that we discovered while inspecting dubious websites. This page promotes spam browser notifications and redirects visitors to other (likely untrustworthy/dangerous) sites.

Users typically access news-lihuve[.]com and webpages akin to it – via redirects caused by websites using rogue advertising networks.

What is Worldwide Clock Extension?

While investigating suspicious websites, our research team discovered the Worldwide Clock Extension. This browser extension promises the functionality of displaying clocks from user-chosen timezones on the browser's homepage.

After inspecting Worldwide Clock Extension, we determined that it is a browser hijacker promoting the search.worldwideclockextension.com fake search engine.