Virus and Spyware Removal Guides, uninstall instructions

What is "apple.com-mac-optimizer[.]live"?

apple.com-mac-optimizer[.]live is a scam website, which uses scare-tactics to trick people into installing the Cleanup My Mac application. When accessed, it alerts visitors of various threats it has detected and promotes the app to eliminate them. Note that no website can detect infections/issues present on devices.

Therefore, any 'threats' these sites claim to find are fake. Do not download/install software endorsed on these pages, since it is often bogus and nonoperational. In most cases, apple.com-mac-optimizer[.]live is entered through redirects caused by Potentially Unwanted Applications (PUAs) already present on the device.

What is Mockba?

Mockba encrypts files, renames them by adding the ".mockba" extension to filenames (e.g. "1.jpg" becomes "1.jpg.mockba"), and creates a ransom message within the "# HOW TO RECOVER YOUR DATA #.txt" text file. Software of this type is known as ransomware.

These malicious programs are used to block access to data unless victims pay a ransom. Therefore, victims of ransomware attacks are forced to purchase decryption tools and/or keys.

What is "Firdayfun"?

Firdayfun is a family of scam websites designed to promote untrustworthy software. This variation promotes Smart Mac Booster, a dubious application categorized as a Potentially Unwanted Application (PUA). Deceptive/Scam sites typically use scare tactics to encourage visitors into downloading/installing the products they endorse.

Firdayfun displays virus detection alarms and urges people to install Smart Mac Booster. No website is capable of detecting threats/issues on devices.

Therefore, all viruses/malware they claim to find are fake. Additionally, the software promoted on these web pages is usually bogus and nonfunctional. In most cases, Firdayfun is opened by PUAs already present on the system.

What is DavesSmith?

DavesSmith (also known as Balaclava) is malicious software classified as ransomware. It is designed to encrypt data and demand ransom payments for decryption. There are two known variants of this ransomware.

During the encryption process, all files are appended with the developer's email address: one version adds ".daves.smith@aol.com", and the other, ".[daves.smith@aol.com]". For example, "1.jpg" might be renamed as "1.jpg.daves.smith@aol.com" or "1.jpg.[daves.smith@aol.com]".

After this process is complete, DavesSmith stores an HTML file ("HOW_RECOVER.html") or a text file ("RECOVERY FILE.txt") in each affected folder.

What is My Flight Finder?

My Flight Finder is advertised as an app that allows users to access websites, which provide information about the flights of various airlines. In fact, it operates as a browser hijacker, changing browser settings and gathering information.

Typically, people do not download or install apps of this type intentionally and, for this reason, My Flight Finder is classified as potentially unwanted application (PUA).

Furthermore, developers distribute it with another PUA called Hide My Searches. Therefore, it is very likely that people who have installed My Flight Finder, also have Hide My Searches installed on their systems.

What is The PC Power?

The PC Power is software endorsed as a system cleaner and optimizer. It is allegedly capable of freeing up storage space, detecting and removing unnecessary files, malware, spyware, adware, and other threats/issues. Due to its dubious proliferation methods, it is categorized as a Potentially Unwanted Application (PUA).

The PC Power has a promotional website, from which a trial version can be downloaded free of charge and the full version purchased, however, it can also be inadvertently installed together with other programs. This deceptive marketing tactic of pre-packing regular software with unwanted content is called "bundling".

What is Derp?

Derp is malicious software categorized as ransomware. Derp is a part of a ransomware family called Djvu. Like most programs of this type, it encrypts files so that victims cannot access or use them unless they pay ransoms to cyber criminals. Furthermore, Derp renames all encrypted files by changing their extensions to ".derp".

For example, "1.jpg" becomes "1.jpg.derp". It also creates a text files named "_readme.txt" and stores a copy in every folder that contains encrypted data.

What is DynamicPanel?

DynamicPanel is an app categorized as adware. It supposedly allows easy web browsing, however, it actually feeds users with intrusive advertisements. It also operates as an information tracking tool, recording details relating to users' browsing habits and other information.

Most people download and install apps such as DynamicPanel unintentionally and, for this reason, they are also known as potentially unwanted applications (PUAs).

What is Safe ransomware?

Safe is a new variant of Paradise ransomware. It operates by encrypting data and demanding ransom payments for decryption. When encryption is underway, all files are appended with a unique ID number (generated individually for each victim), the developer's email address, and ".safe" extension (format: "[id-[victim's_ID]].[opensafezona@cock.li].safe").

For example, "1.jpg" might be renamed to a filename such as "1.jpg[id-UZMv97Qb].[opensafezona@cock.li].safe", and so on for all encrypted files. Once this process is complete, an HTML file named "=_BACK_FILES_~.html" is created and stored on the desktop.

What is tencecatche[.]info?

People who arrive at tencecatche[.]info are presented with dubious content or redirected to other untrustworthy websites. This site operates in a similar manner to many other rogue sites including, for example, robotornotchecks[.]online, zwenews[.]biz, and vikolidoskopinsk[.]info.

In most cases, the sites are opened by potentially unwanted applications (PUAs) that are installed on browsers. Therefore, people do not generally open websites such as tencecatche[.]info intentionally. Furthermore, PUAs commonly feed users with unwanted advertisements and gather data. Note that many users download and install PUAs inadvertently.