Virus and Spyware Removal Guides, uninstall instructions

What kind of application is AssistivePlatform?

Upon examining the AssistivePlatform application, our analysis revealed that it exhibits intrusive advertisements. Such applications are known as adware or advertising-supported applications. Users commonly install adware without their knowledge or awareness.

What kind of malware is Meduza?

Meduza is a type of malware created using the C++ programming language, specifically designed to steal information. It targets various applications and clients, including web browsers and cryptocurrency wallets, with the objective of collecting sensitive data. This malicious software is available for purchase on the black market, priced at $199 per month.

What kind of application is BalanceSignal?

We found the BalanceSignal app while inspecting new submissions to the VirusTotal website. After investigating this application, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family.

What kind of malware is Rhysida?

Rhysida is the name of a ransomware-type program. It is designed to encrypt data and demand payment for its decryption.

On our testing machine, Rhysida encrypted files and appended their filenames with a ".rhysida" extension. To elaborate, a file originally named "1.jpg" appeared as "1.jpg.rhysida", "2.png" as "2.png.rhysida", and so on for all of the affected files.

After the encryption process was finished, this ransomware created a ransom note titled "CriticalBreachDetected.pdf". The message therein clearly indicated that Rhysida targets companies rather than home users.

What kind of email is "Moldindconbank"?

After inspecting this "Moldindconbank" email, we determined that it is fake. This letter targets clients of the Moldindconbank Moldovan bank. The spam email states that the recipient's card has been suspended due to suspicious activity. To rectify this issue, the recipient is to conclude a verification process via a phishing website.

It must be stressed that all these claims are false, and this email is in no way associated with the actual Moldindconbank.

What kind of malware is Havoc?

While inspecting new submissions to VirusTotal, our researchers found the Havoc ransomware. Malware of this kind is designed to encrypt data and demand payment for its decryption.

On our test machine, Havoc encrypted files and altered their filenames. Original titles were appended with the attackers' email, a unique ID assigned to the victim, and the ".havoc" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.EMAIL=[aesdecrypt@gmail.com ]ID=[6D150A0B7E53F99E].havoc".

Once the encryption was completed, the ransomware created a ransom-demanding message titled "FILES ENCRYPTED.txt".

What kind of scam is "Webmail Password Center"?

Upon careful analysis of this email, our team has concluded that it is an instance of phishing. The email is designed to deceive recipients by posing as a communication from an email service provider, specifically impersonating Webmail. The primary goal of scammers is to trick unsuspecting individuals into visiting a fraudulent website and divulging their personal information.

What kind of page is tunnelbuilder[.]top?

Tunnelbuilder[.]top is a deceptive website designed to trick visitors into subscribing to its notifications. Also, tunnelbuilder[.]top redirects users to similar pages. Users rarely intentionally open such pages. Our team encountered tunnelbuilder[.]top while investigating websites that use dishonest advertising networks.

What kind of malware is Atlas?

Atlas is the name of a clipper-type malware. Malicious programs categorized as such are designed to replace content copied into the clipboard. Atlas detects whenever a victim copies a cryptocurrency wallet address and replaces it – thus rerouting outgoing transactions.

What kind of page is gadscare[.]com?

Our researchers discovered the gadscare.com rogue page while investigating suspect sites. This webpage is designed to promote browser notification spam and redirect visitors elsewhere (likely unreliable/harmful sites). Users primarily enter such pages via redirects generated by websites using rogue advertising networks.