Virus and Spyware Removal Guides, uninstall instructions

What is IncognitoSearchTech?

IncognitoSearchTech is rogue software classified as a browser hijacker. It operates by making modifications to browser settings to promote the incognitosearchtech.com fake search engine.

Additionally, most browser hijackers have data tracking capabilities that are used to collect browsing-related information. Due to the dubious techniques used to proliferate IncognitoSearchTech, it is also categorized as a Potentially Unwanted Application (PUA).

What is the fake "Budapest Bank" email?

"Budapest Bank email virus" refers to a spam campaign proliferating the LokiBot Trojan. The term "spam campaign" defines a large-scale operation during which scam emails are sent by the thousand. The messages sent through this campaign are presented as payment confirmations from the Budapest Bank.

Note that these emails are fake, and are in no way associated with the real Budapest Bank. The file attached to the scam messages contains LokiBot malware.

What is Oscorp?

Oscorp is malware targeting devices that use the Android operating system. It has various malicious functionality. Oscorp's capabilities include data extraction, sending text messages, making telephone calls, spying, removing anti-virus tools, etc.

Due to its many dangerous features, Oscorp is classified as a highly dangerous piece of software. Therefore, it must be removed immediately upon detection.

What is thehypenewz[.]com?

thehypenewz[.]com is used to promote other dubious websites and deceive visitors into giving it permission to display notifications. Users do not often visit websites such as thehypenewz[.]com intentionally - typically, they arrive at them when they click deceptive ads, through other untrusted pages that they visit, or when potentially unwanted applications (PUAs) are installed on their browsers.

There are many web pages similar to thehypenewz[.]com on the internet. Some of examples are lcutterlyba[.]top, goodmode[.]biz, and zvideo-live[.]com.

What is CinaRAT?

CinaRAT is a Remote Administration Trojan that is very similar to another RAT called Quasar. Typically, RATs allow the attackers to access and control infected machines remotely.

After successful installation, cyber criminals can use CinaRAT to manage files, access Command Prompt, Task Manager, and other Windows features, steal saved passwords from web browsers and FTP software, and log keystrokes. CinaRAT uses certain techniques to avoid antivirus detection.

What is My Smartlink?

My Smartlink is a browser hijacker that promotes the tailsearch.com fake search engine. Typically, software of this type makes changes to browser settings to promote search engines, however, My Smartlink does not actually modify browsers when promoting tailsearch.com (see below).

Additionally, this browser hijacker collects browsing-related information. Since most users download/install browser hijackers inadvertently, they are also categorized as Potentially Unwanted Applications (PUAs).

What is HDLocker?

Discovered by xiaopao, HDLocker is a data-encrypting malware. Due to this malicious program's modus operandi, it is classified as ransomware. Malware of this type is designed to encrypt data (i.e., render files inaccessible and useless), typically for the purpose of making ransom demands for decryption tools/software.

When HDLocker encrypts, affected files are appended with the "_HD" extension. For example, a file originally named something like "1.jpg" as "1.jpg_HD", "2.jpg" as "2.jpg_HD", "3.jpg" as "3.jpg_HD", and so on.

Once this process is complete, this ransomware displays a pop-up window.

What is omingple[.]top?

omingple[.]top is a rogue website. When accessed, it presents visitors with dubious material and/or redirects them to other untrusted and possibly malicious sites. The The internet is full of these bogus web pages - lcutterlyba.top, greemed.top, and blackfr1dayz.com are just some examples.

These rogue web pages are rarely opened intentionally - most users are redirected to them by intrusive ads or by Potentially Unwanted Applications (PUAs) that have already infiltrated the system. These apps have dangerous functionality, including causing redirects, delivering intrusive ad campaigns, and collecting browsing-related information.

What kind of malware is LOTUS?

LOTUS is a type of malware that blocks access to files by encryption and keeps them in this state until a ransom is paid. After installation, it displays a message demanding a ransom payment in a pop-up window and creates the "MANUAL.txt" text file (another ransom message).

LOTUS also renames encrypted files by adding the victim's ID, paymei@cock.li email address, and appending the ".LOTUS" extension to their filenames. For example, it renames "1.jpg" to "1.jpg.id-C279F237.[paymei@cock.li].LOTUS", "2.jpg" to "2.jpg.id-C279F237.[paymei@cock.li].LOTUS", and so on.

LOTUS belongs to the ransomware family called Dharma.

What is the "Order Error" scam email?

"Order Error" is an spam email campaign. This term defines a mass-scale operation during which thousands of deceptive emails are distributed. There are several variants of the "Order Error" scam emails, however, the messages are thematically identical. They are presented as messages sent by a wrongly charged customer/buyer, with the recipient positioned as the seller.

Note that these emails are scams, and none of the information provided by them is genuine. The purpose of this campaign is to promote a phishing/malicious site, and so visiting and trusting it can cause serious issues.