Discovered by Jirehlov, Tongda2000 is one of many ransomware-type programs designed to encrypt files, change filenames and create/display ransom messages. Tongda2000 renames all files by appending "1" to their extensions. For example, it renames a file named "1.jpg" to "1.jpg1", and so on. It cre
Easy File Convert Promos is advertised as a program that converts documents, images, video and audio files to various formats. In fact, it also feeds users with various advertisements and is categorized as adware. These apps are also classified as potentially unwanted applications (PUAs), since pe
The My Login Hub application supposedly provides quick access to various email accounts - users can supposedly access them directly from a newly opened tab. In fact, My Login Hub is actually a browser hijacker, a potentially unwanted application (PUA). Generally, browser hijackers promote the addr
Go Easy Directions Promos is endorsed as a tool for easy access to various maps and routes, however, it is categorized as adware. Following successful infiltration, this app runs intrusive advertisement campaigns and delivers unwanted and even harmful ads. Additionally, Go Easy Directions Promos
Mostheatdr is a group of deceptive sites promoting various scams. Web pages belonging to this group have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scheme, however, they might also run other scams. Typically, people access these deceptive sites via redirects c
Heodo is a malicious program and another version of Emotet. Cyber criminals behind Heodo can use it to perform many malicious tasks. For example, to download and execute/install additional malware, steal various personal/sensitive information, and others. Therefore, if Heodo is installed on the op
R44s is a new variant of Ranion ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. When this ransomware encrypts, all affected files are appended with the ".r44s" extension. For example, a file originally named
Twisted Search, also known as TwistedSearch, is software promoted as supposedly improving web searches. In fact, it operates by making alterations to browser settings to promote feed.twistedsearch.com, a fake search engine. Therefore, it is classified as a browser hijacker. Furthermore, it has da
Booster Search (also known as BoosterSearch) is an application designed to improve the browsing experience. In fact, this is a browser hijacker which promotes feed.boostersearch.com (the address of a fake search engine) by modifying browser settings and gathering various information. In most case
DECP belongs to the Matrix ransomware family. This ransomware renames files by replacing filenames with the deccrypasia@yahoo.com email address, a random string of characters and the ".DECP" extension. For example, it renames a file named "1.jpg" to "[deccrypasia@yahoo.com].aiRtzELK-qb6kitil.DECP"