Virus and Spyware Removal Guides, uninstall instructions

What is LiveRadioSearch?

LiveRadioSearch promotes liveradiosearch.com, a fake search engine. Like most apps of this type, LiveRadioSearch achieves this by changing browser settings without users' permission.

Furthermore, this app gathers browsing-related data.

People often download and install browser hijackers inadvertently and, for this reason, LiveRadioSearch is categorized as a potentially unwanted application (PUA).

What is Aulmhwpbpzi?

Aulmhwpbpzi belongs to the Snatch ransomware family. It encrypts and renames files by appending its extension (".aulmhwpbpzi") to filenames. For example, "1.jpg" is renamed to "1.jpg.aulmhwpbpzi", "2.jpg" to "2.jpg.aulmhwpbpzi", and so on.

Aulmhwpbpzi creates a ransom message within the "HOW TO RESTORE YOUR FILES.TXT" file, which can be found in all folders that contain encrypted files.

What is bestpeacheu[.]com?

Typically, websites such as bestpeacheu[.]com are promoted by other bogus websites, dubious ads, or potentially unwanted applications (PUAs). I.e., users do not often visit them intentionally.

The main purpose of bestpeacheu[.]com and similar sites is to trick visitors into downloading PUAs.

What is Private Deep?

Typically, apps that are classified as a browser hijackers change browser settings without users' permission (they assign them to the address of a fake search engine). Private Deep promotes keysearchs.com in this way and also collects browsing history.

Users often download and install browser hijackers unintentionally and, therefore, Private Deep is also categorized as a potentially unwanted application (PUA).

What is M88P?

M88P encrypts files and changes the filename of each encrypted file by replacing it with the marco88Polo@criptext.com email address, a string of random characters, and the ".M88P" extension.

For example, "1.jpg" is renamed to "[Marco88Polo@criptext.com].2dTJHVkP-KGU2jY25.M88P", "2.jpg" to "[Marco88Polo@criptext.com].3cKYFElO-BFT4hT32.M88P", and so on.

M88P creates a ransom message (within the "#README_M88P#.rtf" file) in all folders that contain encrypted files.

Note that this ransomware belongs to the Matrix ransomware family.

What is fast2captcha[.]com?

fast2captcha[.]com is similar to myniceposts[.]com, fastsolvecaptcha[.]com, kersatur[.]online, and many other web pages. Note that users do not often visit these pages intentionally - they are opened by installed potentially unwanted applications (PUAs), through other bogus web pages, or via dubious advertisements.

What is "DHL Failed Delivery Notification" email virus?

A popular method used by cyber criminals to deliver malware is to send emails that contain a malicious attachment or download link for a malicious file. Usually, these emails are disguised official, important messages from legitimate companies and organizations.

The main purpose of these emails is to trick recipients into opening the malicious file, which then installs malware. This particular email is disguised as a delivery notification from DHL - in fact, it has a malicious archive file attached to it containing an installer for Agent Tesla.

What is TeslaRVNG1.5?

TeslaRVNG1.5 belongs to the Ouroboros ransomware family. This ransomware encrypts files and renames them by prepending the victim's ID, tesla369@cock.li email address, and appending ".teslarvng1.5" extension to their filenames (an updated variants use the ".teslarvng2" and ".teslarvng3" extensions).

For example, "1.jpg" is renamed to "id[7vvnbvnj].[tesla369@cock.li].1.jpg.teslarvng1.5", "2.jpg" to "id[7vvnbvnj].[tesla369@cock.li].2.jpg.teslarvng1.5", and so on. TeslaRVNG1.5 also creates a ransom message (the "teslarvng1.5.hta" file, "teslarvng2.hta" in the updated version) and displays it in a pop-up window.

What is ActivityConfig?

ActivityConfig functions as adware and also as a browser hijacker: it generates advertisements modifies browser settings to promote a fake search engine. It is also likely that this app gathers browsing-related and/or other information.

Note that users often download and install ActivityConfig and similar apps unintentionally and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What kind of malware is RansomExx?

RansomExx encrypts files and modifies their filenames by appending a specific extension, which depends on the target name (for example, the name of the organization).

Cyber criminals have used this ransomware to attack the Texas Department of Transportation. In this case, encrypted files had the ".txd0t" extension appended to filenames. For example, a file named "1.jpg" would be renamed to "1.jpg.txd0t", "2.jpg" to "2.jpg.txd0t", and so on.

RansomExx also creates a ransom message within a text file in all folders that contain encrypted files (its name also depends on the name of the target).