Step-by-Step Malware Removal Instructions

WANNAFRIENDME 2 Ransomware
Ransomware

WANNAFRIENDME 2 Ransomware

WANNAFRIENDME 2 is ransomware that encrypts files, modifies filenames (appends the ".iRazormind" extension), and drops the "README.txt" file containing a ransom note. Our team discovered this ransomware while inspecting malware samples submitted to VirusTotal. An example of how WANNAFRIENDME 2 re

FormatSync Adware (Mac)
Mac Virus

FormatSync Adware (Mac)

We discovered FormatSync while inspecting shady websites distributing fake Adobe Flash Player installers. After downloading and installing this app, we learned that it displays annoying advertisements. Apps like FormatSync are classified as advertising-supported applications. FormatSync

News-hanuca.cc Ads
Notification Spam

News-hanuca.cc Ads

Our research team found the news-hanuca[.]cc rogue page during a routine inspection of untrustworthy websites. This webpage is designed to promote browser notification spam via deception. Additionally, news-hanuca[.]cc can redirect visitors to other (likely dubious/malicious) sites. Users typical

SIDDHIVINAYAK Email Virus
Phishing/Scam

SIDDHIVINAYAK Email Virus

Our analysis of this "SIDDHIVINAYAK" email revealed that it is malspam - malicious spam designed to infect recipients' systems with malware. These fake finance/purchase-themed letters proliferate the Agent Tesla RAT (Remote Access Trojan). It must be emphasized that, as with all spam emails, thes

Police_Decrypt0r Ransomware
Ransomware

Police_Decrypt0r Ransomware

Discovered by Petrovic, Police_Decrypt0r is a piece of malicious software categorized as ransomware. We ran a sample of this malware on our testing machine, and it encrypted files as well as changed their filenames. The names of the affected files were appended with a ".CRYPT" extension. For exam

Updatepcmc.xyz Ads
Notification Spam

Updatepcmc.xyz Ads

While inspecting websites that use rogue advertising networks, we came across updatepcmc[.]xyz - a deceptive page that runs the "McAfee - Your PC is infected with 5 viruses!" scam. We also found that this site wants to show notifications. All messages displayed by updatepcmc[.]xyz are fraudulent.

Device-undershield.com Ads
Notification Spam

Device-undershield.com Ads

While inspecting unreliable webpages, our researchers found the device-undershield[.]com site. It operates by running scams, pushing browser notification spam, and redirecting visitors to different (likely dubious/malicious) websites. Users typically enter pages like device-undershield[.]com throu

ELITEBOT Ransomware
Ransomware

ELITEBOT Ransomware

While checking the VirusTotal page for recently submitted malware samples, we discovered ransomware called ELITEBOT. This ransomware is part of the Makop family. It encrypts files, appends a string of random characters, elitebot@msgden.net email address, and the ".bot" extension to filenames, chan

Royroy Ransomware
Ransomware

Royroy Ransomware

During a routine inspection of new malware submissions to VirusTotal, our researchers discovered the Royroy ransomware. Additionally, it has to be mentioned that this malicious program is part of the ZEPPELIN ransomware family. On our test system, Royroy encrypted files and appended their filenam

Unusual Sign-in Activity Email Scam
Phishing/Scam

Unusual Sign-in Activity Email Scam

After examining this email, we learned that the scammers behind it attempt to trick recipients into providing their login credentials. They claim that the email account has been suspended due to unusual sign-in activity. They aim to trick recipients into opening the provided page and entering thei