

How to remove Payroll Timetable e-mail virus

Payroll Timetable is a malicious e-mail campaign designed to trick users into downloading a devastating trojan called TrickBot. The operators of this campaign send thousands of identical messages presenting fake information about a payroll timetable. By impersonating a legitimate company, PricewaterhouseCoopers, and pretending to be its employees, the cybercriminals encourage users to review some "irregularities" by opening the attached file. The text usually has nothing to do with the recipient and is simply meant to raise enough curiosity to open a malicious attachment in .docx, .xls, or other MS Office formats. If you ever receive a message accompanied by some attachment, chances are, this is an attempt to deliver a virus infection. The distributed TrickBot trojan is meant to record sensitive information (e.g., passwords, usernames, e-mails, etc.) and use it to steal the related accounts. The cybercriminals focus especially on finance-related applications, such as pocket banks or crypto-wallets. Unfortunately, if you trusted the Payroll Timetable e-mail message and opened the attached document, your system is likely infected. Use our guide below to limit the damage by completely removing the infection.

How to remove S.O.V.A. Banking Trojan (Android)

S.O.V.A. is a banking trojan designed to extract finance-related information from Android devices. Specifically, it has been spotted doing so on devices running Android versions 7 through 11. Distributed under the disguise of ostensibly legitimate software, the trojan asks users to grant a number of device permissions. If those permissions are given, the trojan becomes capable of reading the device's screen and displaying fake log-in windows to bait users into entering their credentials. As mentioned, the main target of S.O.V.A. is banking information, which means the trojan will likely try to collect information from banking applications, cryptocurrency wallets, and other finance-related places. Thanks to its keylogging abilities, the trojan can record all typed keystrokes, which can then be abused to steal accounts or perform unauthorized money transactions. In addition, S.O.V.A. was observed to be able to manage SMS messages and display various pop-ups. Allowing such malware to operate for too long may lead to severe privacy issues and potential financial loss. On top of that, the S.O.V.A. banking trojan is still considered to be under development and is expected to acquire more features (performing DDoS attacks, operating as screen-locking ransomware, impeding 2FA (Two-Factor Authentication), and so forth) in future updates. Thus, if you suspect your Android device is affected by this or a similar infection, follow our guidelines below to remove it and ensure further protection against such threats.

How to remove Conteban Trojan

Conteban is a remote-access trojan that, upon successful infiltration, manipulates system features to run malicious actions on the system. While the actual purpose of this virus remains unclear, malware of this kind tends to cause chain infections. This means that Conteban may act as a "backdoor" that brings in other viruses, such as ransomware. Ransomware is devastating malicious software that usually encrypts data stored on the system and blackmails victims into paying money for its return. In addition, many developers behind trojan infections also seek to extract valuable information (e.g. passwords, log-ins, banking credentials, etc.). This data can then be misused to perform fraudulent financial operations, putting users' funds and privacy at significant risk. Sometimes, however, software is mistakenly tagged as Trojan-Win32/Conteban by various antivirus engines, including the native Windows Defender. These false positives happen pretty often and may occur while launching or installing a third-party file downloaded from the web. If you suspect your system is actually infected, or you doubt the trustworthiness of the downloaded file, we recommend you use our guide to make sure nothing threatens your PC.

How to remove Exobot Trojan (Android)

Also known as Exo Android Bot, Exobot is a dangerous and highly disruptive piece of malicious software designed to infiltrate Android devices. Its functions are similar to those carried out by many banking trojans. In essence, it settles within a system and performs a number of phishing actions aimed at extracting valuable information from users (e.g. bank card credentials, passwords, log-ins, and even identity information). It does so by accessing Accessibility Services and manipulating an infected device through WiFi or mobile networks. Alternatively, if there is no internet connection available, Exobot is also capable of controlling the device through SMS messages, which expands its abuse potential. In order to trick users into entering their credentials, cybercriminals may create simulated layers of popular apps (Google Play, WhatsApp, Viber, etc.) that pop up on the screen and hardly differ from the authentic ones. Smartphone trojans are usually granted extensive permissions, giving threat actors full freedom in what they can do. This includes forced device locking, blocked access to certain applications, screen capture, SMS management, and microphone and camera manipulation, along with other compromising features. Exobot is especially known for its botnet feature, which allows developers to link a number of infected devices and control them together from the same server to execute malicious steps. In conclusion, malware like Exobot is very devastating, as it may lead to serious privacy issues, financial risks, downgraded device performance, or even identity theft. Thus, we recommend you follow our guidelines below and get rid of this virus as soon as you are able to.

How to remove Teabot Trojan (Android)

Teabot is a trojan infection that seeks to extract banking-related data. Based on publicly available reports, Teabot has been targeting more than sixty banks across Europe. Once installed on a smartphone, it sends a number of pop-up windows demanding that users allow certain Accessibility Features. Once the requested permissions are given, the developers behind Teabot are able to control the infected device using a Remote Access Tool (RAT). This allows cybercriminals to deploy any malicious commands they want (e.g. replicate log-in credentials, take screenshots, manage contacts and send messages, disable security layers, record audio, etc.). As mentioned, the main target of this trojan is financial information, meaning cybercriminals might be more interested in stealing data from crypto wallets, banking or insurance apps, and so forth. To conclude, the presence of Teabot may and will be extremely dangerous for all kinds of sensitive data unless it is removed from your device. We recommend you do it as soon as possible using our guidelines below. Step-by-step instructions will help you delete it without traces.

How to remove BianLian Trojan (Android)

BianLian is the name of a banking trojan designed to exfiltrate mainly finance-related information. After successful installation, it bombards the device's screen with pop-up windows that ask users to allow various Accessibility Features. Once the demanded permissions are granted, the trojan acquires an almost limitless range of malicious features. For instance, it might display fake interactive windows on top of various banking applications. This way, cybercriminals attempt to trick users into entering their log-in credentials and eventually steal them. BianLian was also found to be able to run USSD codes and make calls, prevent users from using a device by force-locking the screen, enable screen recording, manage SMS text messages, and create an SSH server to protect its communication channels. Such modules are obviously dangerous and might lead users to significant financial losses, identity theft, and other problems that no one would desire. Thus, it is important to remove the trojan infection and restore safety on your Android device. You should also change all your log-in credentials and even block your card at the bank to prevent financial abuse.