Virus and Spyware Removal Guides, uninstall instructions

What is "FedEx Express Email Virus"?

"FedEx Express Email Virus" is yet another spam email campaign disguised as a shipment arrival notification from the FedEx company.

The main purpose of this campaign is to give the impression of legitimacy and trick recipients into opening a malicious attachment (typically, an archive file). Once opened/executed, the attachment injects LokiBot trojan into the system.

LokiBot is high-risk malware designed to gather various data and save it to a remote server.

What is Direct Search?

Browser hijackers promote fake search engines by changing the settings of hijacked browsers. Direct Search promotes the search-direct.net address in this way. It also adds the "Managed by your organization" feature to Chrome browsers.

This app is virtually identical to another browser hijacker called Storm Search.

These rogue apps are not often downloaded or installed intentionally and, for this reason, they are categorized as potentially unwanted applications (PUAs). Note also that Direct Search collects browsing-related information.

What is Povlsomware?

Povlsomware is a type of malware that makes files inaccessible by encryption and keeps them in this state until victims recover them with the decryption keys that can only be purchased from the attackers.

Ransomware generally encrypts files and also renames them (appends its extension to their filenames). Despite this, Povlsomware actually keeps original filenames. This ransomware shows a ransom message in a pop-up window.

Povlsomware is pen-source ransomware and is compatible with Cobalt Strike (this makes it more difficult for antivirus solutions to detect this ransomware).

What is Purple Fox?

Purple Fox (PurpleFox) is the name of a malware downloader, a malicious program that proliferates other programs of this type. This malware is used to infect systems with cryptocurrency mining programs. In any case, Purple Fox can cause serious damage and must be uninstalled immediately.

What is filemix-1[.]com?

Sharing many common traits with informistio.com, news-hot.xyz, ro01.biz, appzery.com, and countless others, filemix-1[.]com is a rogue website. Visitors to this page are presented with dubious material and/or are redirected to other untrusted and malicious sites.

People usually access these web pages inadvertently via redirects caused by intrusive advertisements or installed Potentially Unwanted Applications (PUAs). This software does not require explicit user permission to infiltrate systems.

PUAs can have dangerous capabilities such as causing redirects, running intrusive ad campaigns, and gathering browsing-related data.

What is the "We are Interested in buying your product" scam email?

"We are Interested in buying your product" refers to a spam campaign, a large-scale operation during which deceptive emails are sent by the thousand.

Spam campaigns aim to gain and abuse the email recipients' trust through fake claims and emotional manipulation. The messages distributed through this campaign ask recipients to provide a product quote.

What is GlobalAdviseSearch?

GlobalAdviseSearch is an adware-type application belonging to the AdLoad adware family. It is typically disguised as a fake Adobe Flash Player updater and operates by running intrusive advertisement campaigns.

Additionally, this app might possess browser hijacker traits, such as promotion of fake search engines. Due to the highly dubious distribution methods used for GlobalAdviseSearch, is also classified as a Potentially Unwanted Application (PUA).

Most PUAs (including adware) have data tracking capabilities, which they employ to monitor users' browsing habits.

What is Nok App?

Typically, browser hijackers promote fake search engines by making changes to browser settings. In addition, they often collect details relating to users' browsing habits.

Most users download and install browser hijackers inadvertently and, therefore, applications such as Nok App are classified as potentially unwanted applications (PUAs).

Nok App promotes the keysearchs.com address/fake search engine.

What is the "PASSWORD EXPIRATION NOTICE" email scam?

In most cases, scammers behind email phishing scams attempt to trick recipients into providing personal information such as bank account numbers, credit card details, passwords and other sensitive details, which can then be misused for malicious purposes.

In this particular case, scammers attempt to deceive recipients into entering their Office 365 login credentials onto a fake Microsoft website.

What is the fake "Banca Popolare di Bari" email?

"Banca Popolare di Bari email scam" is the name of a spam campaign, a mass-scale operation during which thousands of deceptive emails are sent. The emails distributed through this campaign are disguised as messages from Banca Popolare di Bari, a genuine Italian bank based in the Bari, Apulia region.

These fake emails claim that recipients must update their Banca Popolare di Bari accounts for security reasons. In fact, this spam campaign aims to promote a phishing website, which is presented as the Banca Popolare di Bari sign-in page.

Log-in credentials (i.e., usernames and passwords) entered into this site are exposed to the scammers, thereby allowing them access and control over the online bank accounts.