Virus and Spyware Removal Guides, uninstall instructions
What is PDFSearchHD?
PDFSearchHD is a browser hijacker because it promotes a fake search engine (pdfsearchhd.com) by changing certain browser settings. It is also likely to collect browsing data. Note that browser hijackers are classified as potentially unwanted applications (PUAs), since users often download and install them inadvertently.
What is the "POWERBALL OFFICIAL 2020 WINNINGS" email?
"POWERBALL OFFICIAL 2020 WINNINGS" is an email phishing spam campaign. The term "spam campaign" refers to a mass-scale operation, during which thousands of deceptive emails are sent.
The messages distributed through the "POWERBALL OFFICIAL 2020 WINNINGS" spam campaign are disguised as official mail from Powerball, an American lottery game offered by 45 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands. These scam emails are in no way associated with the genuine lottery and all of the information provided within them is false.
The purpose of this spam campaign is phishing, i.e., the messages are intended to trick recipients into providing their personal information, which can then potentially be used to further this or other scams.
What is Thcuhswza?
Thcuhswza belongs to the Snatch ransomware family. It renames every file that it has encrypted and creates a ransom message in all folders that contain encrypted files. Thcuhswza renames files by appending the ".thcuhswza" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.thcuhswza", "2.jpg" to "2.jpg.thcuhswza", and so on.
The ransom messages that it creates appear in text files named "HOW TO RESTORE YOUR FILES.TXT".
What is Search-Streamly?
Search-Streamly promotes search-streamly.com, a fake search engine. Like most apps of this type, it achieves this by changing certain browser settings. Additionally, it might be designed to gather information relating to users' browsing activities and other details.
Frequently, users download and install browser hijackers inadvertently and, therefore, Search-Streamly and other apps of this type are classified as potentially unwanted applications (PUAs).
What is OperativeSync?
OperativeSync is an adware-type application with browser hijacker traits. Following successful installation, it runs intrusive advertisement campaigns and makes modifications to browser settings to promote bogus search engines. On Google Chrome browsers, OperativeSync promotes search.basicgeneration.com, whilst on Safari browsers, d2sri.com.
Additionally, most adware-type apps and browser hijackers have data tracking capabilities, which are employed to monitor users' browsing activity. Due to the dubious techniques used to spread OperativeSync, it is also classified as a Potentially Unwanted Application (PUA).
What is Acuff?
Acuff belongs to the Phobos ransomware family. Malware of this type is designed to encrypt data, rename each encrypted file, and generate ransom messages. This particular ransomware program renames encrypted files by adding the victim's ID and the unlockfiles2021@cock.li email address to filenames, and appending the ".Acuff" extension.
For example, "1.jpg" is renamed to "1.jpg.id[C279F237-2275].[unlockfiles2021@cock.li].Acuff", "2.jpg" to "2.jpg.id[C279F237-2275].[unlockfiles2021@cock.li].Acuff", and so on. Note that Acuff generates two ransom messages in the "info.hta" and "info.txt" files.
What is RXD?
RXD is a malicious program and part of the Dharma ransomware family. It blocks access to files by encryption, renames each encrypted file, and provides instructions about how to contact the developers regarding data decryption. RXD renames files by adding the victim's ID and the debri@keemail.me email address, and appending the ".RXD" extension to filenames.
For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[debri@keemail.me].RXD", "2.jpg" to "2.jpg.id-C279F237.[debri@keemail.me].RXD", and so on. Instructions about how to contact the developers are provided in a pop-up window and the "FILES ENCRYPTED.txt" text file.
What is the Beneficiary/Inheritance email scam?
Generally, scammers behind email scams such as this one attempt to trick recipients into believing that they are beneficiaries of a will, life insurance policy, etc. Scammers ask recipients to contact them and provide various information. At some point, recipients are asked to pay a processing fee or transfer charge.
Note that scammers exploit the names of existing, often well-known organizations and companies to make their emails seem legitimate.
What is Termit?
Termit belongs to the Dcrtr ransomware family. Like most programs of this type, Termit encrypts files, renames them, and creates a ransom message. It renames files by adding the ashtray@outlookpro.net email address and appending the ".termit" extension to filenames.
For example, "1.jpg" is renamed to "1.jpg.termit", "2.jpg" to "2.jpg.termit", and so on. Termit creates the "ReadMe_Decryptor.txt" text file (ransom message) in each folder that contains encrypted files.
What is Restoreserver?
Restoreserver is part of the Scarab ransomware family. This ransomware is designed to encrypt files, rename them, and create the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file (ransom message) in all folders that contain encrypted files. Restoreserver renames files by replacing their filenames with a string of random characters and the ".restoreserver" extension.
For example, "1.jpg" is renamed to "gAfFM6+JJ=Jsk.restoreserver", "2.jpg" to "DNSjkoN8+KK=Hgf.restoreserver", and so on.