Malware Remediation Utility

  • Detect & remove the latest malware threats.
  • Malware detection & removal definitions are updated regularly.
  • Technical support & custom fixes for hard-to-kill malware.
* Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Top Security News

Cybercriminals Are Still Taking Advantage of Covid-19 with Increased Attacks Microsoft unveiled its Asia Pacific findings from its latest Security Endpoint Threat Report for 2019, which shared that cybercriminals are making 60,000 COVID-19 themed phishing attempts daily....
Cybercriminals Sticking to Coronavirus and Financial Themes for Phishing Scams Summer is at its peak, and the online scammers are still doing whatever they can to take advantage of the uncertainty caused by the pandemic. Cyber-attacks are targeting businesses and consumers in...
Hackers Exploiting Coronavirus Fears To Push Malware As the Covid-19 pandemic goes into full swing, we see increasing numbers of hackers and nation-state actors trying to exploit the global fears for their own gains, spreading malicious software...

Top Articles

WebDiscover Browser

WebDiscover Browser screenshot

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

How to Fix Mac Error Code 43 When Copying Files

How to Fix Mac Error Code 43 When Copying Files screenshot

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security


Newsbreak.com screenshot

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks. Spams Users with a Constant Flow of Advertisements Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked to allow browser notifications thinking that they will be alerted for the latest breaking news. However, this is not the case,...

Posted on February 3, 2020 in Browser Hijackers

APT Attack Spreads Malware Using Coronavirus Theme

APT Attack Spreads Malware Using Coronavirus Theme screenshot

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

.HOW Ransomware

.HOW Ransomware screenshot

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.  Propagation and Encryption To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Posted on June 29, 2020 in Ransomware

IT Ransomware

IT Ransomware screenshot

IT Ransomware is a brand-new data-locking Trojan that appears to be a rather basic project. This file-locker is also known as the CobraLocker Ransomware. Despite not being a very high-end threat, the IT Ransomware is fully capable of causing significant damage to its targets. Unfortunately, the IT Ransomware does not appear to be decryptable for free. Propagation and Encryption Threats like the IT Ransomware often go after a variety of filetypes that are likely to be present on the system of every regular user. This means that the IT Ransomware will not spare any images, documents, presentations, databases, spreadsheets, archives, audio files, videos and other filetypes that are common....

Posted on July 9, 2020 in Ransomware

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security

Search Baron

Search Baron is a potentially unwanted browser hijacker masked as a search engine application. The latter supposedly aims to turn web surfing on OSX-based Mac devices into a more satisfying experience. Yet, its bad habit of landing on the device without its user's knowledge raises suspicions about its end purpose. While the tool does not necessarily fall under any severe malware category, you may bet that it would in no way improve your browsing experience, either. Instead, Search Baron's primary goal is to promote its search services, often more aggressively than usual. A Bing search engine with a Twist The Search Baron page appears to be powered by Microsoft’s popular Bing search engine. However, the search results you would get from a regular Bing search query may come with sponsored links of suspicious quality mingled in between....

Posted on August 23, 2019 in Browser Hijackers, Mac Malware

Search Marquis

Search Marquis screenshot

Search Marquis is a Mac utility that disguises itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a malicious browser extension that aims to alter the browser's setting without the user’s knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) that sneaks stealthily into Mac computers is to generate revenues for its operators by popularizing the search engine Bing.com on Mac Safari browser. This happens through a number of intermediate redirects through various dubious domains. Once installed on a Mac computer, this browser hijacking tool starts to modify crucial changes on the user's...

Posted on June 9, 2020 in Browser Hijackers, Mac Malware

More Articles

BlackOasis APT

BlackOasis is the name given to an Advanced Persistent Threat (APT) group of hackers that deliver highly-targeted attacks against specific victims from the Middle Eastern region. The group uses events from the contemporary news cycle to craft spear-phishing emails and decoy documents used to hide the threatening activity of their toolkit. Among the targets of BlackOasis APT are UN representatives, regional news correspondents, regional entities, international activists, and think tanks. The geological spread of detected victims spans the countries Russia, Nigeria, Iraq, Libya, Jordan, Saudi Arabia, Iran, Bahrain, the Netherlands, Angola, the UK and Afghanistan. The hackers specialize in the exploitation of zero-day vulnerabilities, mainly affecting Adobe Flash. So far, infosec researchers have observed BlakcOasis campaigns taking...

Posted on October 23, 2020 in Advanced Persistent Threat (APT)


Acecard is a family of mobile banking Trojans that displayed a remarkable rate of evolution in a relatively short period following its first discovery. The rapid development may be explained by the fact that the hackers behind Acecard had already been involved with two previous mobile malware threats - Backdoor.AndroidOS.Torec.a, the first TOR Trojan for Android and Trojan-Ransom.AndroidOS.Pletor.a, the first ransomware for mobile devices. The evidence that all threats were spawned from the same group of hackers can be found in the significant code overlap, as well as the identical class, method and variable names. All three threats target Android devices. During its activity, Acecard changed almost all of its characteristics. The Trojan began as a credentials collector from various social media applications but evolved to include...

Posted on October 23, 2020 in Banking Trojan

Slingshot APT

Slingshot APT is the name given to a highly-sophisticated group of hackers responsible for the deployment of a complex data exfiltration threat. Due to the nature of its activities. infosec researchers believe that the goal of the Slingshot APT is corporate espionage. The methods used by the hackers show that they have spent considerable time crafting their malware toolkit. The activities of the group have continued from 2012 to at least 2018. The attack platform established by Slingshot involves multiple stages and several vectors of compromise. One confirmed method was through Mikrotik routers that have been modified to include a corrupted component downloaded by the Winbox Loader, a legitimate management software used for Mikrotik configuration. When the user runs Winbox Loader, it connects to the compromised routers and downloads...

Posted on October 23, 2020 in Advanced Persistent Threat (APT)


WinPot is a peculiar ATM Trojan designed to cash out the ATMs of a specific popular ATM vendor. The threat was offered on hacker forums hosted on the Dark Web with the price at the time being set at 1 BTC (Bitcoin). 1 BTC is equal to over $13,00, considering the current exchange rate. WinPot's visual interface is designed to mimic that of a slot machine. Each cassette of the ATM is assigned a number between 1 and 4 (4 being the maximum cash out cassettes that an ATM can have). Under each 'slot,' information about the currently held banknotes and their denomination is displayed. A 'SPIN' button is available for each cassette slot, and clicking it commands the ATM to start dispensing cash from the corresponding cassettes. Two more command buttons are available - 'STOP' terminates the process of dispensing money, while 'SCAN' updates the...

Posted on October 23, 2020 in Malware


WireLurker is a Trojan malware affecting iPhones and Mac OSX users. Even a Win32 application of the threat was detected. The victims of this malware are users located in China. And as is usually the case for this type of malware, the propagation vector was through Trojanized applications distributed from a third-party application store. The specific marketplace exploited by WireLurker is called Maiyadi Application Store. Over 460 applications uploaded to it were detected to carry the malware threat. WireLurker was disguised as various popular games in order to attract as much attention from the unsuspecting users as possible. The versions that amassed the most downloads were posing as the Sims 3, International Snooker 2012, Pro Evolution Soccer 2014, Bejeweled 3, and Angry Birds. Once installed, WireLurker doesn't waste much time. It...

Posted on October 23, 2020 in Mac Malware


SolarSys is a new Trojan threat that is being deployed against users located in Brazil. The region of South America and especially Brazil has been registering far more attack campaigns involving banking Trojan payloads than the rest of the world, and SolarSys does indeed have banking Trojan capabilities. As a whole, SolarSys is composed of several harmful components, each tasked with executing a different action on the compromised system.  The Trojan is delivered through fake MSI installers that pretend to be Java or Microsoft HTML Help. Once started. However, they call InstallUtil, which is used to execute the .Net dynamic library file called 'uninstall.dll' that carries the first-stage backdoor payload. 'Uninstall.dll' runs the JavaScript backdoor in memory, sets up the persistence mechanism by registering itself to AutoRun, and...

Posted on October 23, 2020 in Malware


Optional.MindSpark is a heuristic description for a Potentially Unwanted Program (PUP). PUPs are undesired tools and applications that infiltrate systems without the user's consent, usually bundled within the installation process of freeware or other popular programs that people download and install from untrusty sources. One of the main functionalities of the PUPs is to generate and display on the user's desktop intrusive advertisements, like pop-ups, banners, fake security alerts or discount codes. However, most of these potentially unsafe tools also install various unknown browser extensions and modify the browser's settings to replace the homepage and default search engine with their own URL, forcing users to visit questionable websites and redirecting searches to irrelevant pages and products. Another feature that is a serious...

Posted on October 23, 2020 in Potentially Unwanted Programs

Energy Ransomware

The Energy Ransomware is a threatening program that locks up files on affected systems and demands the payment of a certain amount in exchange for a decryption tool. As typical for ransomware threats, infected systems experience data loss and inability to perform certain actions, creating significant problems for the user. As soon as the Energy Ransomware has finished the encryption process, it appends the extension' .energy[potentialenergy@mail.ru]' to all encrypted files. As noticed, the extension contains the hackers' email address and the name of the ransomware threat. The ransom note is created in the form of a text file named 'HOW_TO_DECYPHER_FILES.txt' that is placed in every compromised folder. It has the following text: 'To recover your data contact the email below potentialenergy@mail.ru Key Identifier: - Number of files that...

Posted on October 23, 2020 in Ransomware


StreamSiteSearch, despite its name, is not created to offer users a quick and convenient way to search for their favorite streams. Instead, the application's sole purpose is to promote a fake search engine and generate artificial traffic towards it.  Once installed, StreamSiteSearch takes over the default browser of the user and modifies certain settings immediately. It changes the homepage, new page tab, and the default search engine to open the address feed.streamssitesearch.com. Every time the user starts up the affected browser, opens a new blank tab, or conducts a search, it will generate traffic for this fake search engine. And since feed.streamssitesearch.com is indeed fake by itself, it cannot generate any search results as it simply lacks the functionality to do so. It operates by taking the user's search query and redirecting...

Posted on October 22, 2020 in Potentially Unwanted Programs

Chromium Shield

The Chromium Shield can be best described as a rogue Web browser. This Possibly Unwanted Program (PUP) is based on the legitimate open-source Chromium project, but its functionality includes some questionable functionality such as operating as adware and a browser hijacker. However, before it reveals its true colors, the Chromium Shield advertises itself as possessing numerous useful features. It lures users in by boasting of offering 'safe, secure, and fast browsing,' in addition to coming with a free VPN, having ad blocking, and tracking protection. If that was not enough, the Chromium Shield also supposedly prevents any windows from freezing and somehow allows the user to receive more data at faster rates. If you think that this sounds way too good to be actually true, well, you are quite right. The Chromium Shield doesn't tell its...

Posted on October 22, 2020 in Potentially Unwanted Programs

XNMMP Ransomware

The XNMMP Ransomware is a new crypto locker variant based on the previously detected CONTI Ransomware threat. In turn, however, the XNMMP Ransomware has two variants that have been detected in the wild. They are virtually identical, but one appends the '.XNMMP' extension to the original filenames of the files it encrypts while the other uses '.TJODT.' Otherwise, they both use the same ransom note sent by the CONTI Ransomware and both deliver it as text files named 'R3ADM3.txt' that are dropped on the compromised systems.  According to the instructions, victims of the XNMMP Ransomware can send 'samples' to the hackers to be decrypted for free. They are also supposed to go to a certain website through either the provided TOR link or the HTTPS URL. The hackers warn that they have exfiltrated certain data from the infected system, and if...

Posted on October 22, 2020 in Ransomware

LolKek Ransomware

The LolKek Ransomware is a crypto locker threat that, according to infosec researcher, is a newly created variant based on the BitRansomware malware. The goal of the threat is to infiltrate the targeted computer sneakily, proceed to encrypt the data stored on it, and then extort money from the affected users in exchange for the potential restoration of the encrypted files.  Victims of the LolKek Ransomware will notice that the names of their files have been changed to include '.ReadMe' as a new extension suddenly. More importantly, however, all of the files will be inaccessible and unusable. The consequences could be severe if the locked data contained business-related projects or information. The LolKek Ransomware drops a ransomware note with instructions to its victims in the form of text files named 'Read_Me.txt.'  While most modern...

Posted on October 22, 2020 in Ransomware

bH4T Ransomware

The bH4T Ransomware Ransomware is a new Dharma variant that displays few differences compared to the other threats from the same ransomware family. The two aspects that set the bH4T Ransomware apart the most are the unique extension it uses for the encrypted files and the email addresses provided by the hackers as points of contact. However, when it comes to functionality, the bH4T Ransomware may not have any meaningful modifications, but that doesn't detract from its offensive capabilities.  The bH4T Ransomware employs powerful cryptographic algorithms to effectively 'lock' the files stored on the compromised computer system. Users will no longer be capable of accessing or use their private or business-related files, as the threat targets audio, video, MS Office files, backups, spreadsheets, photos, archives, etc. The bH4T Ransomware...

Posted on October 22, 2020 in Ransomware

HEH Botnet

Researchers have detected a new botnet that is spreading actively. According to their findings, the botnet called HEH can compromise home routers, Internet of Things (IoT) devices, Linux servers, and even Windows systems. The only prerequisite is for the targets to have weak Telnet credentials as the botnet propagates through brute-force attacks against open Telnet ports (23 and 2323). If the HEH Botnet breaches the device successfully, it deploys one of seven binaries tasked with installing the HEH malware. It should be noted that while the botnet can compromise Windows systems, the malware it delivers can only be executed on *NIX platforms. The specific CPU architectures that can be affected by the botnet are x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III) and PPC. The HEH Botnet may Break Devices There are signs that the botnet is in...

Posted on October 22, 2020 in Botnets


If you notice that your online searches are being redirected through an unknown URL named ProgressElemnt, then a Potentially Unwanted Application (PUA)) has infected your computer. Further on, another symptom of this malware threat is a new browser extension installed on your computer so that each time you open your browser, it launches this fake search engine instead of your regular homepage.PUPs like ProgressElemnt penetrate devices unnoticed, usually when the user clicks on an infected advertisement or installs some freeware that contains additional tools The primary goal of ProgressElemnt is to generate advertising revenues for its owners by rerouting online traffic to sponsored websites. It does so by misusing some legit search engines, like search.yahoo.com, to deliver search results to the user. However, the presented results...

Posted on October 22, 2020 in Mac Malware
1 2 3 4 5 6 7 8 9 10 11 1,519