Virus and Spyware Removal Guides, uninstall instructions

What is the "Propuesta comercial" scam email?

"Propuesta comercial" is the title/subject of scam emails targeting Spanish-speaking users. The messages claim that recipients have been tracked for a considerable period time and, unless they pay a certain sum of money, they will experience unspecified, yet serious, problems.

Note that all information provided by "Propuesta comercial" emails is false and merely use scare tactics to trick recipients into paying the scammers.

What is AssistiveUnit?

AssistiveUnit is rogue software classified as adware. This app also has browser hijacker traits. It operates by running intrusive advertisement campaigns, making alterations to browser settings and promoting fake search engines. AssistiveUnit promotes Safe Finder through akamaihd.net in this manner.

Most adware-type programs and browser hijackers monitor users' browsing activity, and it is highly likely that AssistiveUnit does so as well. Due to the dubious techniques employed to proliferate AssistiveUnit, it is classified as a Potentially Unwanted Application (PUA). 

What is PracticalDivision?

PracticalDivision is an adware-type application with browser hijacker traits. Following successful infiltration, it operates by delivering intrusive advertisement campaigns and making modifications to browser settings to promote fake search engines. PracticalDivision promotes Safe Finder via akamaihd.net in this manner.

Most adware programs and browser hijackers also possess data tracking capabilities, which are used to monitor users' browsing activity. Due to the dubious techniques used to spread PracticalDivision, it is classified as a Potentially Unwanted Application (PUA).

What is PPHL ransomware?

Discovered by malware intelligence analyst, Marcelo Rivero, PPHL is a malicious program that belongs to the Dharma ransomware family. It operates by encrypting data and demanding payment for decryption.

During the encryption process, all compromised files are renamed according to this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".PPHL" extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[pvphlp@tutanota.com].PPHL" following encryption.

Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is the "Warning: Your macOS has expired" scam?

"Warning: Your macOS has expired" is a technical support scam run on deceptive websites. This scheme claims that the user's macOS (Mac Operating System) has expired, and due to this, certain applications will no longer be operational and the device itself is at risk of infection.

Additionally, suspicious activity has supposedly already been detected. Scams of this type promote fake tech support helplines, and from that point on the scammers can abuse users' trust in various ways. All of the information provided by "Warning: Your macOS has expired" is false.

Typically, users access these deceptive/scam sites unintentionally - they are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs). These rogue apps do not need explicit user consent to be installed onto devices.

What is the Erif ransomware?

Erif is a malicious program belonging to the Djvu ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, all affected files are appended with the ".erif" extension.

For example, a file named something like "1.jpg" would appear as "1.jpg.erif" following encryption. Once this process is complete, a ransom message within the "_readme.txt" file is created.

What is History Wipe Clean?

History Wipe Clean is dubious software promoted as a tool to increase browsing privacy. It is supposedly capable of preventing browsing-activity tracking and clearing the browsing history upon browser reopening. In fact, History Wipe Clean is classified as adware, as it runs intrusive advertisement campaigns.

Furthermore, despite claiming to prevent data tracking attempts, this adware collects browsing-related information itself. Due to the dubious tactics used to proliferate History Wipe Clean, it is classified as a Potentially Unwanted Application (PUA).

What is the XTMEM stealer?

XTMEM is malicious software, classified as a stealer. As the classification suggests, this type of malware steals information. Stealers have a wide range of dangerous capabilities, which can lead to likewise varied issues for users of infected devices.

XTMEM poses a significant threat to device and user safety and, as such, must be removed from systems immediately upon detection.

What is OperativeDesktop?

OperativeDesktop is dubious software classified as adware with browser hijacker traits. Following successful installation, this app runs intrusive ad campaigns, makes alterations to browser settings in order to promote fake search engines. OperativeDesktop promotes Safe Finder via akamaihd.net in this manner.

Additionally, most adware-type apps and browser hijackers can monitor and collect browsing-related data. Since most users download/install OperativeDesktop inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is the Exorcist ransomware?

Exorcist is a ransomware-type malicious program. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all compromised files are appended with an extension consisting of a ransom string of characters.

For example, a file originally named "1.jpg" could appear as something similar to "1.jpg.rnyZoV" following encryption. After this process is complete, Exorcist ransomware changes the desktop wallpaper and drops HTML applications - "[random-string]-decrypt.hta" (e.g. "rnyZoV-decrypt.hta") - into affected folders. These files contain identical ransom messages.