Virus and Spyware Removal Guides, uninstall instructions

What is Povlsomware?

Povlsomware is a type of malware that makes files inaccessible by encryption and keeps them in this state until victims recover them with the decryption keys that can only be purchased from the attackers.

Ransomware generally encrypts files and also renames them (appends its extension to their filenames). Despite this, Povlsomware actually keeps original filenames. This ransomware shows a ransom message in a pop-up window.

Povlsomware is pen-source ransomware and is compatible with Cobalt Strike (this makes it more difficult for antivirus solutions to detect this ransomware).

What is Purple Fox?

Purple Fox (PurpleFox) is the name of a malware downloader, a malicious program that proliferates other programs of this type. This malware is used to infect systems with cryptocurrency mining programs. In any case, Purple Fox can cause serious damage and must be uninstalled immediately.

What is filemix-1[.]com?

Sharing many common traits with informistio.com, news-hot.xyz, ro01.biz, appzery.com, and countless others, filemix-1[.]com is a rogue website. Visitors to this page are presented with dubious material and/or are redirected to other untrusted and malicious sites.

People usually access these web pages inadvertently via redirects caused by intrusive advertisements or installed Potentially Unwanted Applications (PUAs). This software does not require explicit user permission to infiltrate systems.

PUAs can have dangerous capabilities such as causing redirects, running intrusive ad campaigns, and gathering browsing-related data.

What is the "We are Interested in buying your product" scam email?

"We are Interested in buying your product" refers to a spam campaign, a large-scale operation during which deceptive emails are sent by the thousand.

Spam campaigns aim to gain and abuse the email recipients' trust through fake claims and emotional manipulation. The messages distributed through this campaign ask recipients to provide a product quote.

What is GlobalAdviseSearch?

GlobalAdviseSearch is an adware-type application belonging to the AdLoad adware family. It is typically disguised as a fake Adobe Flash Player updater and operates by running intrusive advertisement campaigns.

Additionally, this app might possess browser hijacker traits, such as promotion of fake search engines. Due to the highly dubious distribution methods used for GlobalAdviseSearch, is also classified as a Potentially Unwanted Application (PUA).

Most PUAs (including adware) have data tracking capabilities, which they employ to monitor users' browsing habits.

What is Nok App?

Typically, browser hijackers promote fake search engines by making changes to browser settings. In addition, they often collect details relating to users' browsing habits.

Most users download and install browser hijackers inadvertently and, therefore, applications such as Nok App are classified as potentially unwanted applications (PUAs).

Nok App promotes the keysearchs.com address/fake search engine.

What is the "PASSWORD EXPIRATION NOTICE" email scam?

In most cases, scammers behind email phishing scams attempt to trick recipients into providing personal information such as bank account numbers, credit card details, passwords and other sensitive details, which can then be misused for malicious purposes.

In this particular case, scammers attempt to deceive recipients into entering their Office 365 login credentials onto a fake Microsoft website.

What is the fake "Banca Popolare di Bari" email?

"Banca Popolare di Bari email scam" is the name of a spam campaign, a mass-scale operation during which thousands of deceptive emails are sent. The emails distributed through this campaign are disguised as messages from Banca Popolare di Bari, a genuine Italian bank based in the Bari, Apulia region.

These fake emails claim that recipients must update their Banca Popolare di Bari accounts for security reasons. In fact, this spam campaign aims to promote a phishing website, which is presented as the Banca Popolare di Bari sign-in page.

Log-in credentials (i.e., usernames and passwords) entered into this site are exposed to the scammers, thereby allowing them access and control over the online bank accounts.

What is XcodeSpy?

XcodeSpy malware targets Apple developers and spreads through malicious (trojanized) Xcode projects (Run Script feature in Xcode IDE). Research shows that one of these malicious Xcode projects (called TabBarInteraction) supposedly includes features for animating the iOS Tab Bar.

It is likely that there is more than one trojanized Xcode project. Malicious code used by XcodeSpy can easily be hidden and launched in any third-party Xcode project.

XcodeSpy (or rather the backdoor it injects) can record audio using the microphone, video using camera, and keyboard input. It can also download and upload files.

What is the DiStUrBeD ransomware?

DiStUrBeD is a malicious program belonging to the Xorist ransomware family. It operates by encrypting data (thereby making the files inaccessible) and demanding payment for decryption.

During the encryption process, files are appended with the ".DiStUrBeD" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.DiStUrBeD" following encryption.

After this process is complete, identical ransom messages are created in a pop-up window and "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" text file.

Note that if the compromised system does not have the Cyrillic alphabet, the text presented in the pop-up will appear as nonsensical gibberish.