Virus and Spyware Removal Guides, uninstall instructions

What is the Avalon ransomware?

Avalon is a piece of malicious software classified as ransomware. This program is designed to encrypt the data (render files inaccessible) stored on infected systems and demand victims pay a ransom for the decryption (access recovery).

During the encryption process, compromised files are appended with the ".avalon" extension. To elaborate, an encrypted file initially titled "1.jpg" would appear as "1.jpg.avalon", "2.jpg" as "2.jpg.avalon", "3.jpg" as "3.jpg.avalon", and so forth.

Once the encryption is complete, ransom notes are created/displayed in a pop-up window and "READ_ME.avalon.txt" text file. Avalon malware is identical to Kabayaboo ransomware.

What is search.yahoo.com?

Search.yahoo.com is a legitimate search engine, developed by the Yahoo! web services provider. However, users can experience undesirable redirects to it - due to rogue software, called browser hijackers, having infiltrated the browser and/or system.

What is the "Chase account has been locked" email scam?

It is common that scammers use email to trick recipients into providing them personal information (e.g., login credentials, social security numbers, credit card details). Their goal is to extract information that could be used to access bank, email, social media or other accounts, make unauthorized purchases, etc.

In order to give their emails legitimacy scammers pretend to be legitimate companies, organizations, or other entities. This particular email is disguised as a letter from Chase, an American national bank.

What is the "DHL Package Tracking Confirmation" scam email?

"DHL Package Tracking Confirmation email scam" refers to a spam campaign - large-scale operation during which thousands of deceptive emails are sent. The letters distributed via this campaign - are presented as notifications from DHL International - a legitimate courier, package delivery, and express mail service.

The scam emails claim that the delivery address requires another confirmation. "DHL Package Tracking Confirmation" spam campaign aims to promote a phishing website designed to record email account log-in credentials.

What is gate15[.]xyz?

Gate15[.]xyz is virtually identical to get-your[.]cash, news-runytuh[.]cc, rtenmy[.]com and hundreds of other websites of this type. All these pages have at least one thing in common: they are designed to load deceptive content and open various questionable pages (they do one or another after checking the visitor's IP address).

It is noteworthy that most of the times, pages like gate15[.]xyz get visited unintentionally. More precisely, they get opened through other shady websites, unreliable ads, or potentially unwanted applications (PUAs).

What is OperativeBitUnit?

OperativeBitUnit is designed to serve advertisements, persuade users into using a fake search engine and collect browsing data (and possibly other information). This application functions as adware, browser hijacker, and a data collector.

As a rule, apps like OperativeBitUnit get downloaded and installed by users without their knowledge. For this reason, they are categorized as potentially unwanted applications (PUAs).

Usually, PUAs are distributed using questionable, deceptive methods. Research shows that to trick users into installing OperativeBitUnit, its developers use a fake Adobe Flash Player installer.

What is "New Tab Explorer — Explore the Web on New Tab"?

"New Tab Explorer — Explore the Web on New Tab" is the name of an adware-type browser extension. It operates by running intrusive advertisement campaigns (delivering various ads) and collecting browsing-related data.

Due to the questionable methods used to distribute adware products, they are also classified as PUAs (Potentially Unwanted Applications).

It is noteworthy that when "New Tab Explorer — Explore the Web on New Tab" is proliferated through certain rogue installers, it adds the "Managed by your organization" feature to Google Chrome browsers.

What is "Managed by your organization"?

"Managed by your organization" is a Google Chrome feature (it can be found on the main menu) which allows administrators to manage browsers (set various policies) for users within their organization.

This feature is normally present on Chrome browsers that are managed by an organization or group, however, it is possible that regular users who do not have browsers controlled by an organization will also see this feature.

In some cases, "Managed by your organization" appears in browser settings due to an installed potentially unwanted application (PUA) such as a browser hijacker or malicious application.

What is Emailme6974 ransomware?

Emailme6974 is the name of a ransomware-type program. It operates by encrypting data (rendering files inaccessible) and creating a ransom note, demanding payment for the decryption (access recovery). During the encryption process, affected files are prepended with "Lock.".

For example, a file initially titled something like "1.jpg" would appear as "Lock.1.jpg", "2.jpg" as "Lock.2.jpg", and so on. After this process is complete, a ransom-demanding message in Korean is created in a Pastebin (text storage site).

What is awesomenewspush[.]com?

It is highly advisable not to trust the awesomenewspush[.]com or websites that it promotes (opens). Depending on the geolocation of its visitors, awesomenewspush[.]com either loads its deceptive content or opens other pages of this kind.

Typically, websites like awesomenewspush[.]com are promoted using deceptive advertisements, untrustworthy sites, or potentially unwanted applications (PUAs). In other words, users do not visit pages like awesomenewspush[.]com on purpose.

It is worthwhile to mention PUAs can be designed to collect various data and serve advertisements. A couple examples of websites like awesomenewspush[.]com are get-your[.]cash, rtenmy[.]com, and oundoutth[.]biz.