Virus and Spyware Removal Guides, uninstall instructions

What kind of application is PositiveFocus?

Our researchers found the PositiveFocus app during a routine review of new file submissions to the VirusTotal website. After analyzing this piece of software, we determined that it is adware belonging to the AdLoad malware family.

PositiveFocus is designed to generate revenue for its developers by feeding users with unwanted and potentially dangerous ads.

What kind of malware is Radiyu?

Radiyu is the name of a ransomware-type program. Following successful infiltration, this malware encrypts data and demands payment for its decryption. On our testing system, Radiyu encrypted files and added a ".Radiyu" extension to their titles. For example, a filename such as "1.jpg" appeared as "1.jpg.Radiyu", "2.png" as "2.png.Radiyu", etc.

Afterwards, a pop-up window was displayed. It contained the ransom note in Korean. At the time of writing, this ransomware is decryptable; the decryption password can be found below. However, it must be mentioned that it could be changed in potential future releases of Radiyu.

What kind of scam is "Buy Apple Products With Bitcoins"?

After investigating this "Buy Apple Products With Bitcoins" site, we determined that it is fake. This scam aims to trick users into exposing their cryptocurrency wallets by offering the possibility to purchase Apple products with Bitcoins. The scheme operates as a crypto drainer that empties victims' wallets.

What kind of application is Plik programu 4Trans?

Plik programu 4Trans is the name of a PUA (Potentially Unwanted Application). Software within this classification commonly has harmful functionalities. It is pertinent to mention that the installation setup carrying Plik programu 4Trans that we investigated was bundled with other unwanted and potentially dangerous software.

What kind of malware is RCRU64?

RCRU64 is ransomware designed to encrypt files and change their names (append the victim's ID, email address, and the (".HM8" extension) and provide two ransom notes ("Restore_Your_Files.txt" and "ReadMe.hta") with the same instructions. It is known that there are at least two other variants of RCRU64, such as DontCryLol and Vypt.

An example of how RCRU64 renames files: it renames "1.jpg" to "1.jpg_[ID-OGA1Q_Mail-silolopi736@gmail.com].HM8", "2.png" to "2.png_[ID-OGA1Q_Mail-silolopi736@gmail.com].HM8", and so forth.

What kind of software is Pinnipedia?

Pinnipedia is the name of a malicious browser extension. Our research team discovered it during a routine inspection of dubious sites; the extension was included in an installation setup promoted by a deceptive webpage.

Pinnipedia has browser management capabilities and spies on users' browsing activity. It is pertinent to mention that installers carrying this extension could be bundled with additional unwanted/harmful software.

What kind of application is TrustedEnumerator?

After analysis, it has come to our attention that TrustedEnumerator is an advertising-supported application that displays annoying advertisements. In addition to bombarding users with unwanted ads, TrustedEnumerator may be designed to gather data. Thus, it is highly recommended to avoid installing apps like TrustedEnumerator on computers.

What kind of email is "Microsoft Password System Reminder"?

After investigating the "Microsoft Password System Reminder" email, we determined that it is spam promoting a phishing scam. This bogus letter notifies of potential log-in issues, and preventing them will result in the recipient having to disclose their account password.

What kind of program is Odobenidae?

During our examination, we discovered that Odobenidae is an untrustworthy application with the capability to enable and control the "Managed by your organization" feature in Chrome and Edge browsers. Additionally, Odobenidae can oversee themes and extensions, as well as access (and modify) data from websites visited by users.

What kind of malware is Press?

Press is a ransomware-type program. Malware within this category is designed to encrypt data and demand payment for its decryption.

The Press ransomware operates in this manner as well. It also alters the name of encrypted files by appending them with a ".press" extension. For example, an original filename such as "1.jpg" appeared as "1.jpg.press", "2.png" as "2.png.press", and so on for all of the affected files. Some variants of Press ransomware append ".dwarf" or ".spfre" extensions.

Once the encryption process was completed, a ransom-demanding message titled "RECOVERY NFO.txt" was dropped. This note claims that this ransomware also uses double extortion tactics.