Discovered by Marcelo Rivero, AHP is a malicious program that belongs to the Dharma ransomware family. This malware operates by encrypting data and demanding payment for decryption. During the encryption process, all affected files are renamed according to this pattern: original filename, unique
StreamSearchs is a browser hijacker which changes certain browser settings to streamsearchs.com (the address of a fake search engine). It also collects browsing data (information relating to users' browsing habits). Commonly, users download and install browser hijackers inadvertently and, therefo
Registry Cleaner is untrusted software endorsed as a tool for cleaning, repairing and optimizing the operating system by managing registry files. Due to the dubious methods used to proliferate Registry Cleaner, however, it is classified as a Potentially Unwanted Application (PUA). PUAs are often
Discovered by GrujaRS, Txdot (also known as RansomEXX) ransomware is designed to perpetually block access to files by encryption, rename every encrypted file and create a ransom message. It renames files by appending the ".txd0t" extension to filenames. For example, it would change a file called
Typically, users do not visit bestdealfor20[.]life or similar sites intentionally - they are opened through deceptive advertisements, other untrusted websites or by potentially unwanted applications (PUAs) that are installed on browsers and/or computers. When visited, websites such as bestdealfor2
Lina is a part of the Dharma ransomware family. Like other malware of this type, it is designed to encrypt files, change their filenames and provide victims with instructions about how to contact the developers. Lina renames files by adding the victim's ID, linajamser@aol.com email address and app
VuLiCaPs is a malicious program belonging to the Xorist ransomware family. It is designed to encrypt data and demand payment for decryption. During the encryption process, files are appended with the ".VuLiCaPs" extension. For example, a file originally named something like "1.jpg" would appear as
CoordinatorBoost serves advertisements, collects sensitive information and promotes the z6airr.com and adjustablesample.com fake search engines. This app functions as adware and a browser hijacker. Typically, users download and install apps of this type inadvertently and, for this reason, they a
ExtendedLibrary is an adware-type application with browser hijacker characteristics. This app delivers intrusive advertisements and makes modifications to browsers to promote bogus search engines. Additionally, most adware-type apps and browser hijackers collect browsing-related information. Du
Npph is ransomware belonging to the Djvu ransomware family. It encrypts files, modifies their filenames and creates a ransom message. Note that Npph renames files by appending the ".npph" extension to filenames. For example, it would rename "1.jpg" to "1.jpg.npph", "2.jpg" to "2.jpg.npph", and so