
Is ‘counter.wmail-service.com’ a virus?

Before we answer the question, ‘Is ‘counter.wmail-service.com’ a virus?’, let’s look at what a virus is. A virus is malicious code that attaches itself to a program, document or file. It can stay dormant on your system and executes its malicious code only when you run the program it is attached to.

The distinctive characteristic of a virus is that it is capable of spreading from device to device within the same network and can self-replicate to infect other programs.

Counter.wmail-service.com is not a virus in itself. It is the domain for a Command-and-Control server (C2) for a malicious browser extension called VenomSoftX, installed with the ViperSoftX malware. The malware operators use the C2 to send remote commands and additional payloads to the infected systems.

This article dives deeper into what ViperSoftX, counter.wmail-service.com, and VenomSoftX are, their impact on your system and how to remove the malware if your system is infected.



What is ViperSoftX

First discovered by researchers in February 2020, ViperSoftX is a Remote Access Trojan (RAT) that disguises itself as a legitimate program to fool users into downloading it.

The ViperSoftX malware spreads through cracked versions of software such as Adobe products and Microsoft Office and is designed to monitor and steal cryptocurrency-related information.

The information stealer scans for crypto-wallet addresses copied to the clipboard of the compromised device and swaps them with its own wallet addresses. Its Remote Access Trojan (RAT) capabilities allow the execution of arbitrary commands and the download of additional payloads provided by the C2 server.


What is ‘counter.wmail-service.com’?

Security researcher Colin Cowie revealed that the ViperSoftX Command-and-Control (C2) servers were hosting malicious browser extensions, one of them being ‘counter.wmail-service[.]com/api/file/download/v3.zip’.

counter.wmail-service.com is the domain of a Command-and-Control (C2) server for a malicious browser extension called VenomSoftX, installed with the ViperSoftX malware. The malware operators use the C2 as a unified space to monitor all infected devices and send remote commands and additional payloads to the infected systems.

counter.wmail-service.com domain in C2 URLs. | Source: Colin Cowie



What is VenomSoftX?

VenomSoftX is a malicious Chromium browser extension installed when ViperSoftX is downloaded on the victim’s system. VenomSoftX stays hidden by posing as a legitimate-looking, common browser extension. The malicious extension has been known to disguise itself as Google Sheets 2.1.


Signs your system is infected with the malware

  • Random pop-ups – People on multiple online forums have reported the incessant appearance of ‘counter.wmail-service.com’ pop-ups.
  • System lag – If malware runs in the background, it’ll hog computer resources, slowing it down.
  • Unidentified apps – If there’s an app you didn’t download, check to see if it’s legit or a malicious app.
  • Unnecessary scheduled tasks – The code can be written in a way that creates scheduled tasks in the infected system to perform certain actions, like establishing a connection to a C2 server in a loop.
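The last sign above, a task that reconnects to the C2 server in a loop, shows up in DNS logs as one client looking up the domain at regular intervals. The following is an added example, not part of the original article; the log format, client addresses and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

C2_HOST = "counter.wmail-service.com"  # the C2 host named in this article

# Constructed sample lines in an assumed "<ISO time> <client ip> query <name>" format.
SAMPLE_LOG = """\
2024-05-01T09:00:02 10.0.0.15 query counter.wmail-service.com
2024-05-01T09:00:40 10.0.0.22 query docs.google.com
2024-05-01T09:05:02 10.0.0.15 query counter.wmail-service.com
2024-05-01T09:07:11 10.0.0.31 query counter.wmail-service.com.example.net
2024-05-01T09:10:03 10.0.0.15 query COUNTER.WMAIL-SERVICE.COM.
2024-05-01T09:12:00 10.0.0.40 query notcounter.wmail-service.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)$")


def normalise(name):
    """Lower-case the name, undo '[.]' defanging and drop the trailing root dot."""
    return name.lower().replace("[.]", ".").rstrip(".")


def is_c2(name, host=C2_HOST):
    """True for the C2 host or a subdomain of it, not for look-alike names."""
    name = normalise(name)
    return name == host or name.endswith("." + host)


def c2_lookups(log_text):
    """Return {client: [timestamps]} for every lookup of the C2 host."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match and is_c2(match.group(3)):
            hits[match.group(2)].append(match.group(1))
    return dict(hits)


def intervals(timestamps):
    """Seconds between consecutive lookups; near-equal gaps suggest a scheduled loop."""
    times = [datetime.fromisoformat(t) for t in timestamps]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
```

A client that appears in the result should be treated as infected and cleaned using the removal steps in this article.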



How to remove counter.wmail-service.com?

Anti-virus scan

If your device already has a trusted anti-virus or anti-malware installed, run a scan to check if your system is infected with malicious programs or files.


Reset browser settings

Since VenomSoftX is a Chromium-based browser extension, you can reset your browser settings to their default to remove the extension.

To reset your browser settings on Chrome, click the three dots at the top right corner to open Settings. Navigate to the sidebar and click Reset settings > Restore settings to their original defaults. In the pop-up that appears, click Reset settings.

Reset Chrome browser settings to default.

For Microsoft Edge, follow the same steps as for Chrome. Note that the terms used may vary slightly.


Uninstall suspicious applications

On a Windows desktop, type Settings in the search bar at the bottom of the screen.

On the Settings tab, navigate to Apps > Installed apps.

Navigate to Installed apps tab.

Go through your apps and extension list to identify any unknown or suspicious apps. If you find any, run a quick online check to confirm whether they are legitimate.

Uninstall an app.

Uninstall them by clicking on the vertical three dots and selecting Uninstall.


Remove unwanted extensions

Open your Chrome browser. Toward the right of the top search bar, click on the puzzle icon. Click Manage extensions. Alternatively, click the three vertical dots, then select Extensions > Manage extensions.

Manage extensions on Chrome browser.

Review all your extensions and remove any suspicious or unidentified ones by clicking the Remove button.

Remove an extension on Chrome browser.

For Microsoft Edge, open your browser and click the three horizontal dots on the right. Select Extensions. Click Manage Extensions in the pop-up that appears. Review your extensions and click Remove for the ones that seem suspicious.
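Reviewing extensions by eye can miss one that poses as a familiar name, so the check can also be run against the extension files on disk. The following is an added example, not part of the original article: it flags any extension whose manifest matches the "Google Sheets 2.1" disguise or whose files name the C2 host. The folder layout (`<id>/<version>/manifest.json`) is assumed, and the sample extensions are constructed.

```python
import json
import tempfile
from pathlib import Path

C2_HOST = "counter.wmail-service.com"  # indicator named in this article
DISGUISE = ("google sheets", "2.1")    # name and version this article reports
TEXT_SUFFIXES = {".js", ".json", ".html"}

def audit_extensions(ext_root):
    """Flag extensions under ext_root (assumed layout: <id>/<version>/manifest.json)."""
    findings = []
    for manifest_path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_dir = manifest_path.parent
        ext_id = ext_dir.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            findings.append({"id": ext_id, "name": "", "reasons": ["unreadable manifest"]})
            continue
        name, version = str(manifest.get("name", "")), str(manifest.get("version", ""))
        reasons = []
        if DISGUISE[0] in name.lower() and version == DISGUISE[1]:
            reasons.append("name/version matches reported disguise")
        # Catches a copy with a different display name that names the host in clear text.
        for path in sorted(ext_dir.rglob("*")):
            if path.is_file() and path.suffix.lower() in TEXT_SUFFIXES:
                text = path.read_text(encoding="utf-8", errors="ignore").lower()
                if C2_HOST in text:
                    reasons.append(f"references {C2_HOST}: {path.name}")
        if reasons:
            findings.append({"id": ext_id, "name": name, "reasons": reasons})
    return findings

def demo():
    """Audit a constructed extensions folder in a temp dir; no real profile is read."""
    samples = {  # constructed sample data, not taken from a real infection
        "a" * 32: ({"name": "Google Sheets", "version": "2.1"},
                   "const host = 'counter.wmail-service.com';"),
        "b" * 32: ({"name": "Notes", "version": "1.0"}, "console.log('ok');"),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, (manifest, script) in samples.items():
            ext_dir = Path(tmp) / ext_id / f"{manifest['version']}_0"
            ext_dir.mkdir(parents=True)
            (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
            (ext_dir / "background.js").write_text(script, encoding="utf-8")
        return audit_extensions(tmp)
```

On Windows, Chrome normally keeps installed extensions under `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` and Edge under `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extensions`; pass that folder to `audit_extensions`.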


Vanashree Chowdhury


Being a tech enthusiast, Vanashree enjoys writing about technology and cybersecurity. She is a designer and marketer by profession and is deeply passionate about working on campaigns for social issues. You can contact her here: vanashreec@protonmail.com
