Virus and Spyware Removal Guides, uninstall instructions

AccessibleTool Adware (Mac)

What kind of application is AccessibleTool?

AccessibleTool is an adware-type application. Our research team found it during a routine investigation of new file submissions to the VirusTotal platform. This app belongs to the AdLoad malware family. Advertising-supported software runs intrusive advertisement campaigns and may have other harmful abilities.

   
Personalized_notepad_with_reminders Unwanted Application

What kind of application is Personalized_notepad_with_reminders?

Personalized_notepad_with_reminders is classed as a PUA (Potentially Unwanted Application). Our researchers discovered an installer containing this app during a routine inspection of suspicious websites. PUAs typically possess undesirable and possibly hazardous capabilities, and this likely applies to this software.

Notably, the Personalized_notepad_with_reminders installer that we investigated was bundled with additional unwanted software.

   
Shiel Ransomware

What kind of malware is Shiel?

Our researchers discovered the Shiel ransomware while investigating new file submissions to the VirusTotal platform. This program is part of the Dharma ransomware family. Malware within this category is designed to encrypt data and demand payment for its decryption.

On our testing system, Shiel ransomware encrypted files and altered their filenames by appending a unique ID and a ".shiel" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id-9ECFA84E.[00223@45312].shiel".

After the encryption process was completed, Shiel created ransom notes by displaying a pop-up window and dropping text files titled "README!.txt" onto the desktop and into all encrypted directories.

   
CreatePremium Adware (Mac)

What kind of application is CreatePremium?

During our examination, we discovered that CreatePremium inundates users with intrusive advertisements, which makes the app adware. Users frequently install such adware without a clear understanding of what it does. It is important to highlight that adware, including CreatePremium, can be crafted to gather user data.

   
SPICA Backdoor

What kind of malware is SPICA?

SPICA is the name of a backdoor-type malware. This malicious program is written in the Rust programming language. Software within this classification stealthily opens a "backdoor" to targeted machines, typically in order to cause further infection.

SPICA has been in use since September 2023, but some evidence suggests that this backdoor has been around since at least November 2022. SPICA is believed to be the first custom-built malware developed and used by the COLDRIVER (also known as Callisto, Star Blizzard, and UNC4057) threat actor.

The operation of this group aligns with the interests of the Russian government. COLDRIVER has been around for many years, and until recently, its activities centered on phishing-based espionage.

The group targets persons of import, such as former intelligence and military officials in the West, as well as individuals associated with NATO, the Ukrainian government and army, academic spheres, and various Non-Governmental Organizations (NGOs). Previously, the group focused only on credential phishing but has expanded its activities to malware proliferation.

   
MacOS Is Infected - Virus Found Notification Scam (Mac)

What kind of scam is "MacOS Is Infected - Virus Found"?

In this article, we provide a review of deceptive notifications (fake warnings, alerts, and similar messages) posing as legitimate notifications from the operating system or security software. These deceptive notifications come from unreliable pages and often serve as gateways to scam websites designed to coerce users into taking specific actions.

   
Wessy Ransomware

What kind of malware is Wessy?

While inspecting new file submissions to the VirusTotal site, our researchers discovered the Wessy ransomware. Malware within this classification encrypts data to make ransom demands for its decryption.

After we executed a sample of Wessy on our testing system, it encrypted files and appended a ".wessy" extension to their filenames. For example, a file initially titled "1.jpg" appeared as "1.jpg.wessy", "2.png" as "2.png.wessy", and so on for all of the locked files.

Once this process was completed, Wessy changed the desktop wallpaper and created a ransom-demanding message named "READ_ME.txt".

   
Conquerable.app Adware (Mac)

What kind of app is Conquerable.app?

Our assessment of the application showed that Conquerable.app is an ad-supported app linked to the Pirrit family. Conquerable.app displays intrusive advertisements and has the potential to collect personal information. Typically, applications of this nature, such as Conquerable.app, are disseminated through questionable means.

   
PantheraLeo Malicious Extension

What kind of program is PantheraLeo?

During our inspection, we found that PantheraLeo is an unreliable extension distributed via a malicious installer. Once added to a browser, PantheraLeo activates the "Managed by your organization" feature (it can control this setting on Chrome and Edge browsers). PantheraLeo can also read various data and manage themes and extensions.

   
Official Invoice Email Scam

What is "Official Invoice"?

Our examination of the email showed that it has the characteristics of a common phishing attempt. The scammers behind this scheme try to entice recipients into clicking the provided link and then coerce them into revealing sensitive personal information. Recipients should avoid interacting with such deceptive communications.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
