Virus and Spyware Removal Guides, uninstall instructions

What is the "Chase account has been locked" email scam?

It is common that scammers use email to trick recipients into providing them personal information (e.g., login credentials, social security numbers, credit card details). Their goal is to extract information that could be used to access bank, email, social media or other accounts, make unauthorized purchases, etc.

In order to give their emails legitimacy scammers pretend to be legitimate companies, organizations, or other entities. This particular email is disguised as a letter from Chase, an American national bank.

What is the "DHL Package Tracking Confirmation" scam email?

"DHL Package Tracking Confirmation email scam" refers to a spam campaign - large-scale operation during which thousands of deceptive emails are sent. The letters distributed via this campaign - are presented as notifications from DHL International - a legitimate courier, package delivery, and express mail service.

The scam emails claim that the delivery address requires another confirmation. "DHL Package Tracking Confirmation" spam campaign aims to promote a phishing website designed to record email account log-in credentials.

What is gate15[.]xyz?

Gate15[.]xyz is virtually identical to get-your[.]cash, news-runytuh[.]cc, rtenmy[.]com and hundreds of other websites of this type. All these pages have at least one thing in common: they are designed to load deceptive content and open various questionable pages (they do one or another after checking the visitor's IP address).

It is noteworthy that most of the times, pages like gate15[.]xyz get visited unintentionally. More precisely, they get opened through other shady websites, unreliable ads, or potentially unwanted applications (PUAs).

What is OperativeBitUnit?

OperativeBitUnit is designed to serve advertisements, persuade users into using a fake search engine and collect browsing data (and possibly other information). This application functions as adware, browser hijacker, and a data collector.

As a rule, apps like OperativeBitUnit get downloaded and installed by users without their knowledge. For this reason, they are categorized as potentially unwanted applications (PUAs).

Usually, PUAs are distributed using questionable, deceptive methods. Research shows that to trick users into installing OperativeBitUnit, its developers use a fake Adobe Flash Player installer.

What is "New Tab Explorer — Explore the Web on New Tab"?

"New Tab Explorer — Explore the Web on New Tab" is the name of an adware-type browser extension. It operates by running intrusive advertisement campaigns (delivering various ads) and collecting browsing-related data.

Due to the questionable methods used to distribute adware products, they are also classified as PUAs (Potentially Unwanted Applications).

It is noteworthy that when "New Tab Explorer — Explore the Web on New Tab" is proliferated through certain rogue installers, it adds the "Managed by your organization" feature to Google Chrome browsers.

What is "Managed by your organization"?

"Managed by your organization" is a Google Chrome feature (it can be found on the main menu) which allows administrators to manage browsers (set various policies) for users within their organization.

This feature is normally present on Chrome browsers that are managed by an organization or group, however, it is possible that regular users who do not have browsers controlled by an organization will also see this feature.

In some cases, "Managed by your organization" appears in browser settings due to an installed potentially unwanted application (PUA) such as a browser hijacker or malicious application.

What is Emailme6974 ransomware?

Emailme6974 is the name of a ransomware-type program. It operates by encrypting data (rendering files inaccessible) and creating a ransom note, demanding payment for the decryption (access recovery). During the encryption process, affected files are prepended with "Lock.".

For example, a file initially titled something like "1.jpg" would appear as "Lock.1.jpg", "2.jpg" as "Lock.2.jpg", and so on. After this process is complete, a ransom-demanding message in Korean is created in a Pastebin (text storage site).

What is awesomenewspush[.]com?

It is highly advisable not to trust the awesomenewspush[.]com or websites that it promotes (opens). Depending on the geolocation of its visitors, awesomenewspush[.]com either loads its deceptive content or opens other pages of this kind.

Typically, websites like awesomenewspush[.]com are promoted using deceptive advertisements, untrustworthy sites, or potentially unwanted applications (PUAs). In other words, users do not visit pages like awesomenewspush[.]com on purpose.

It is worthwhile to mention PUAs can be designed to collect various data and serve advertisements. A couple examples of websites like awesomenewspush[.]com are get-your[.]cash, rtenmy[.]com, and oundoutth[.]biz.

What is Set colors?

Set colors is the name of a browser hijacker, endorsed as a tool capable of improving website legibility by allowing users to change page background and text colors. Instead, this software promotes the fxsmash.xyz illegitimate search engine through modifications made to browsers.

In addition, Set colors collects information relating to browsing activity. Since most users unintentionally download/install browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).

What is USA?

USA is one of the many ransomware-type programs. This one is a new variant of Dharma ransomware and was discovered by Jakub Kroustek. Like most computer infections of this type, USA is used to encrypt data and make ransom demands.

It renames encrypted files by adding a new extension (".USA"), which includes a unique victim ID and USA developer's email address. For example, "1.jpg" might become "1.jpg.id-1E857D00.[usacode@aol.com].USA".

USA also generates a "FILES ENCRYPTED.txt" file and displays a pop-up window. Updated variants of this ransomware use ".[mr.hacker@tutanota.com].USA" extension for encrypted files.