Virus and Spyware Removal Guides, uninstall instructions

What kind of application is MachineDesktop?
MachineDesktop is a rogue app that we discovered while investigating new submissions to the VirusTotal site. After inspecting this application, we determined that it is advertising-supported software (adware). Additionally, we learned that MachineDesktop belongs to the AdLoad malware family.

What kind of malware is TriangleDB?
TriangleDB is a spyware-type program. It is designed to extract/record and exfiltrate vulnerable data from infected iPhone devices.
TriangleDB has been observed being injected into devices by the Triangulation backdoor. This malware campaign is sophisticated; the infection is triggered without user interaction (i.e., zero-click exploit), and traces of compromise are deleted. Triangulation and, by extension, TriangleDB have been around since as early as 2019 and are still active as of 2023.

What kind of malware is Triangulation?
Triangulation is the name of malware targeting iOS devices. It is part of a highly sophisticated campaign. Triangulation serves as a backdoor – a program that opens a "backdoor" for further infections. The malware can gather basic device/user data and download/install additional malicious components, including the TriangleDB spyware.
What Triangulation lacks in persistence-ensuring mechanisms, it compensates for with infiltration methods requiring no user interaction (i.e., zero-click exploit) and its ability to remove traces of its presence.
Triangulation malware has been around since at least 2019, and it is still active at the time of writing.

What kind of page is ooumoughtcall[.]com?
During our investigation of ooumoughtcall[.]com, we discovered that it is a deceptive website that presents a misleading message to entice visitors into consenting to receive notifications. Furthermore, ooumoughtcall[.]com can download a potentially harmful file. As a result, it is advisable to exercise caution and refrain from placing trust in ooumoughtcall[.]com.

What kind of page is heavypcprotection[.]com?
During our examination of web pages linked to unreliable advertising networks, we encountered heavypcprotection[.]com. Our investigation revealed that heavypcprotection[.]com is an untrustworthy website known for promoting the "McAfee - Your PC is infected with 5 viruses!" scam. Furthermore, heavypcprotection[.]com prompts users to grant permission to display notifications.

What kind of software is Sqoo search engine?
Sqoo search engine is the name of an extension that operates as a browser hijacker. This piece of software makes changes to browser settings in order to generate redirects that go through the sharesceral.uno and sqoo.co fake search engines. Additionally, this browser extension spies on users' browsing activity.

What kind of application is PrimaryRemote?
During a routine inspection of new submissions to VirusTotal, our researchers found the PrimaryRemote application. Our examination revealed that this app operates as advertising-supported software (adware). We also determined that PrimaryRemote is part of the AdLoad malware family.

What kind of application is PrimaryBuffer?
PrimaryBuffer is a rogue application that our research team discovered while investigating new submissions to VirusTotal. After examining this piece of software, we determined that it is adware belonging to the AdLoad malware family.

What kind of page is bfjaxi[.]cfd?
Bfjaxi[.]cfd is a shady website that our team encountered while examining sites that use rogue advertising networks. While inspecting bfjaxi[.]cfd, we noticed that this website uses a deceptive approach to receive permission to show notifications. It is worth mentioning that users often land on such pages inadvertently.

What kind of malware is RDStealer?
RDStealer is a data-stealing malware written in the Go programming language. This stealer's infection chain includes the Logutil backdoor – a type of malware designed to open a "backdoor" into a system to further the infection. Logutil is likewise based on Go, and it is a cross-platform malware capable of infecting Windows, Linux, and VMware ESXi.
Stealers target a variety of sensitive data, but what makes this campaign stand out is the ability to monitor RDP (Remote Desktop Protocol) clients and subsequently infect them.