Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "We Cannot Process Payment"?

Our team has inspected the email and uncovered that it is a scam known as phishing. Scammers behind this email aim to trick recipients into believing they have received an invoice. Their ultimate goal is to extract personal information from unsuspecting individuals. Recipients should ignore such emails to avoid potential risks.

What kind of malware is Pwn3d?

We discovered Pwn3d while analyzing samples submitted to the VirusTotal platform. During the inspection, we found that Pwn3d is ransomware that encrypts and renames files and creates a text file ("README.txt") containing a ransom note. Pwn3d appends a string of random characters and the ".pwn3d" extension to filenames.

For instance, it changes "1.jpg" to "1.jpg.{F29674AD-5DBD-F246-0BB8-6C7B6268AF8C}.pwn3d", "2.png" to "2.png.{F29674AD-5DBD-F246-0BB8-6C7B6268AF8C}.pwn3d", and so forth.

What is ProductiveRecognition?

During our inspection of ProductiveRecognition, we noticed that the app delivers intrusive advertisements. This finding has led us to classify ProductiveRecognition as adware. It is common for software of this type to be advertised as legitimate and useful to trick users into installing it on their computers.

What is Applvl?

During our review of Applvl, we found that the application is hosted on a suspicious website and does not have any clear functionality. Moreover, Applvl is bundled with other questionable programs. To avoid potential security and privacy risks, users should not trust and install Applvl.

What is the fake "Drop Coin" website?

After investigating this "Drop Coin" airdrop, we determined that it is fake. The scam claims to be a giveaway for DropCoin (DROP). However, when users connect their digital wallets to the scheme, they are exposed to a cryptocurrency drainer. Victims of scams like this fake airdrop experience financial loss.

What kind of email is "EUROMILLONES LOTERIA INTERNATIONAL"?

After reading the "EUROMILLONES LOTERIA INTERNATIONAL" email, we determined that it is spam. The letter claims that the recipient has won the Euromillones lottery. Typically, scam mail of this kind targets sensitive information or funds directly.

It must be stressed that the information in this email is false, and this spam mail is not associated with the real EuroMillions transnational lottery.

What kind of malware is Copybara?

Copybara is the name of an Android-type malware that operates as a RAT (Remote Access Trojan), spyware, and information stealer. This malicious program was first discovered in the autumn of 2021, and the latest variant emerged in November 2023.

Copybara infiltrates systems under the guise of various existing and legitimate-sounding applications. It has been used to target Italian and Spanish users; however, the malware's activities could also encompass other territories.

What kind of malware is NGate?

NGate is an Android-specific malware. The goal of this software is to enable cyber criminals to make ATM withdrawals from victims' bank accounts. However, the technique used by NGate to facilitate this activity could be used for other malicious purposes.

At the time of writing, this malware was used to target customers of three Czech banks, including Czech Raiffeisenbank and ČSOB (Československá obchodní banka). Six variants of NGate have been discovered, each disguised to match the targeted bank. One associated with this campaign was arrested when withdrawing funds from ATMs in Prague.

What kind of malware is Razrusheniye?

Our researchers discovered Razrusheniye ransomware while investigating new submissions to the VirusTotal platform. Malicious programs within this category operate by encrypting data and demanding payment for the decryption.

After we executed a sample of Razrusheniye on our test machine, it encrypted files and appended their filenames with a ".raz" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.raz", "2.png" as "2.png.raz", and so on. Additionally, Razrusheniye changed the desktop wallpaper and dropped a ransom note named "README.txt".

What is HZ RAT?

HZ RAT is a backdoor malware targeting macOS users (more precisely, users of DingTalk and WeChat versions for macOS). It is important to note that there is also a Windows version of HZ RAT malware. In order to avoid potential risks, victims should remove the malware from infected computers as soon as possible.