Virus and Spyware Removal Guides, uninstall instructions

What is Vhd?

Discovered by Jirehlov Solace, Vhd is ransomware. Typically, software of this type is designed to encrypt victims files, rename them and create or display ransom messages. This ransomware renames encrypted files by appending the ".vhd" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.vhd", and so on. It also changes the file icons. Vhd creates a ransom message within a text file named "HowToDecrypt.txt".

What is Radio Hub Online?

Radio Hub Online is a browser hijacker endorsed as providing easy access to live radio streaming services. In fact, this rogue software modifies browsers, promotes a fake search engine (radiohubonline.com), and tracks browsing-related data. Since most users install Radio Hub Online unintentionally, it is also classified as a Potentially Unwanted Application (PUA).

What is UPPER?

Discovered by dnwls0719, UPPER is a ransomware-type malicious program. It operates by encrypting data and demanding payment for decryption. When this ransomware encrypts, all affected files are appended with the ".UPPER" extension. For example, a file such as "1.jpg" would appear as "1.jpg.UPPER" following encryption.

Once this process is complete, a ransom message ("infoUPPER.txt") is created on the desktop.

What is CommonBrand?

Like many other adware-type apps, CommonBrand supposedly improves the browsing experience and/or delivers various features.

In fact, it serves intrusive advertisements and gathers information. Furthermore, it promotes the Safe Finder website by opening it through akamaihd.net. Apps such as CommonBrand are categorized as potentially unwanted applications (PUAs), since people usually download and install the adware unintentionally.

What is C-VIR?

Discovered by Jakub Kroustek, C-VIR is malicious software belonging to the Dharma ransomware family. Typically, software of this type encrypts files, changes their filenames and creates and/or displays ransom messages. C-VIR renames encrypted files by adding the victim's ID, coronavirus@foxmail.com email address and appending ".C-VIR" extension to filenames.

For example, it would rename a file named "1.jpg" to a filename similar to "1.jpg.id-1E857D00.[coronavirus@foxmail.com].C-VIR", "2.jpg" to "2.jpg.id-1E857D00.[coronavirus@foxmail.com].C-VIR", and so on. Instructions about how to contact cyber criminals can be found in the "FILES ENCRYPTED.txt" text file and a displayed pop-up window.

What is Quick Photo Editor?

Quick Photo Editor is a rogue application supposedly capable of providing easy access to various free photo editing services. It makes modifications to browser settings to promote search.hquickphotoeditor.com (a fake search engine). Therefore, this app is classified as a browser hijacker.

Furthermore, most apps within this classification monitor users' browsing activity. Since few users download/install this application intentionally, Quick Photo Editor is also classified as a Potentially Unwanted Application (PUA).

What is Waldo?

Discovered by dnwls0719, Waldo is a malicious program classified as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, filenames of affected files are typically appended with an extension, however, in the case of Waldo, they remain unchanged.

After the malicious executable file of this ransomware is executed, a pop-up window is displayed. The text presented instructs users to read a ransom message within a text file ("READ_ME.txt"), which is created on the desktop.

What is vmos.xyz?

There are many fake search engines on the internet. In most cases, they are promoted through potentially unwanted applications (PUAs), browser hijackers. Note that vmos.xyz is the address of a fake search engine, which is promoted through PUAs named SApp+ and Ext Apps.

It is possible that other browser hijackers also promote this address. Generally, PUAs achieve this by changing certain browser settings. Most browser hijackers also promote fake search engines and track information.

What is belazyelephant[.]com?

belazyelephant[.]com opens various untrusted pages or loads dubious content. It functions in a similar way to many other rogue websites including, for example, go9news[.]biz, alisalis[.]com and exq-timepieces[.]com. These are often opened by potentially unwanted applications (PUAs) installed on the system.

Apps of this type can collect details relating to users' browsing habits and display various ads. They are classified as PUAs, since people tend to download and install them unintentionally.

What is alisalis[.]com?

alisalis[.]com is one of many rogue websites that load dubious content or redirect visitors to other untrusted web pages. Some examples of other pages similar to alisalis[.]com include go9news[.]biz, speakwithjohns[.]com and exq-timepieces[.]com. Browsers often open websites of this type when potentially unwanted apps (PUAs) are installed on them.

Note that alisalis[.]com and other rogue sites can be opened through other dubious web pages or intrusive ads. In summary, people do not visit them intentionally. PUAs can also gather browsing-related data and serve advertisements.