Virus and Spyware Removal Guides, uninstall instructions

What is ProfessionalHelper?

ProfessionalHelper is a rogue app that our research team discovered while inspecting new submissions to VirusTotal. Our analysis revealed that this application operates as adware. Additionally, we learned that ProfessionalHelper belongs to the AdLoad malware family.

What kind of malware is Pphg?

We have found a new ransomware variant from the Djvu family named Pphg while examining malware samples submitted to VirusTotal. It was found that Pphg encrypts files and appends the ".pphg" extension to filenames (for example, it renames "1.jpg" to "1.jpg.pphg", "2.jpg" to "2.jpg.pphg"), and creates a ransom note (a file named "_readme.txt").

What kind of page is allprofitsurvey[.]top?

Allprofitsurvey[.]top is an untrustworthy website that displays deceptive content (runs a fake survey) and asks for permission to show notifications. We discovered this site while inspecting other untrustworthy pages (such as illegal movie streaming and torrent sites) that use shady advertising networks.

What kind of page is desktopnotificationsonline[.]com?

While researching untrustworthy sites, we discovered the desktopnotificationsonline[.]com webpage. This rogue page is designed to push browser notification spam and redirect visitors to other (likely unreliable/hazardous) websites. Most users enter rogue pages via others that use rogue advertising networks.

What kind of malware is SunnyDay?

SunnyDay is the name of ransomware that we discovered while inspecting malware samples submitted to VirusTotal. Our malware researchers found that SunnyDay encrypts files, appends ".SunnyDay" extension to filenames, and generates a ransom note (the "!-Recovery_Instructions-!.txt" file).

An example of how files encrypted by SunnyDay are modified: "1.jpg" gets renamed to "1.jpg.SunnyDay", "2.png" to "2.png.SunnyDay", and so forth.

What is Goose ransomware?

Discovered by the MalwareHunterTeam, Goose is a piece of malicious software categorized as ransomware. We sampled it from VirusTotal and analyzed it.

After being released on our test machine, the Goose ransomware began encrypting files. However, unlike most malicious programs of this type, it did not modify the names of affected files. Once the encryption was complete, a ransom note was displayed in a pop-up window.

It is noteworthy that Goose has many deviations from regular ransomware, which puts its goals into question.

What kind of scam is "We are Ukrainian hackers and we hacked your site"?

Recently, many scammers have been using the situation in Ukraine to trick people into sending them money or providing sensitive information. They are pretending to be legitimate organizations and ask for donations. We have analyzed this email and learned that scammers behind it use a certain scare tactic to trick recipients into transferring cryptocurrency.

What is Acepy ransomware?

Discovered by Petrovic, Acepy is the name of a ransomware-type program. It is designed to encrypt data and demand payment for the decryption.

We sampled Acepy from VirusTotal and ran it on our test machine. The files on the system were encrypted, and their names were appended with a ".acepy" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.acepy", "2.png" as "2.png.acepy", and so on.

Afterwards, identical ransom notes were created/displayed in the Command Prompt (cmd) window and "ACEPY_README.txt" text file, which was dropped onto the desktop.

What kind of application is PartnerPixel?

PartnerPixel is an untrustworthy application that our team has discovered on a shady website. After examination, it was found that the purpose of PartnerPixel is to generate various advertisements. Apps that operate this way are classified as adware. Typically, software of this type is promoted and distributed using deceptive sites and other methods.

What is DefaultImprovment?

While inspecting new submissions to VirusTotal, our research team discovered the DefaultImprovment application. After analyzing this piece of software, we determined that it is an adware belonging to the AdLoad malware family.