Top Security News

Beware: Cybercriminals Leveraging Coronavirus to Exploit Computer Users and Spread Malware

It hasn't taken a lot of time for threat actors to realize the social engineering opportunity that the novel coronavirus (2019-nCoV) has presented them. The respiratory infection that originated in...

Infections Abound as Computer Malware Exploiting COVID-19 Coronavirus Spreads Rapidly Adding to Worldwide Hysteria

There's no doubt that the Coronavirus has created a worldwide hysteria and pandemic from having a negative impact on many economies to pressing government officials to hold conferences addressing...

Hackers Exploiting Coronavirus Fears To Push Malware

As the Covid-19 pandemic goes into full swing, we see increasing numbers of hackers and nation-state actors trying to exploit the global fears for their own gains, spreading malicious software...

Top Articles

WebDiscover Browser

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

How to Fix Mac Error Code 43 When Copying Files

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security

Shlayer Trojan

The Shlayer Trojan is a cyber-threat aimed at Mac users who might be interested in trying out application stores other than the official App Store by Apple. The Shlayer Trojan might be promoted to the users as an independent application delivery platform that offers discounts on premium software. The Shlayer platform was reported to deliver harmful programs, unwanted browser extensions and unrequested Internet settings modifications, to promote questionable shopping helpers and to distribute supposedly free premium applications. The Shlayer Trojan was recognized by computer security researchers in January 2019 when the users started reporting fake Adobe Flash updates to Web browser vendors....

Posted on February 15, 2019 in Mac Malware, Trojans

CoronaVirus Ransomware

The CoronaVirus Ransomware (also called CoronaVi2022 Ransomware) is a file-locker, which was released in the wild recently, and it seems that its author has opted to use the name of the Coronavirus (also known as COVID-19), which is a disease that is threatening users worldwide. Just like the disease it is named after, the CoronaVirus Ransomware also threatens users worldwide, but in a different way – it will try to encrypt their files, and also overwrite the contents of their drive's Master Boot Record (MBR). The latter operation may cause a lot of trouble, since the victims' computers will not load their operating system and, instead, they will display a copy of the CoronaVirus...

Posted on March 12, 2020 in Ransomware

Hackers Spreading Malware via Coronavirus Maps Online

The ongoing outbreak of the coronavirus is now disrupting business across the world, but apparently cybercriminals have no days off, since they're just as active as they were before the beginning of the outbreak. It appears they are now capitalizing on the fears of the people regarding the pandemic. It was back in January that the hackers started using the coronavirus threat as a focus of an email campaign that infected users with malware, and now they are expanding their operations to coronavirus outbreak maps that follow the number of infections and deaths across the world. Many organizations are feeling the pressure from these attacks, such as Johns Hopkins University who created...

Posted on March 11, 2020 in Computer Security

APT Attack Spreads Malware Using Coronavirus Theme

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

Zeus Trojan

The Zeus Trojan is the most widespread and common banking Trojan today. There are countless variants of the Zeus Trojan, also known as Zbot and Zitmo. There are regional variants that target computers in specific areas of the world as well as mobile-specific variants designed to attack mobile operating systems such as Android or BlackBerry platforms. In all cases, the Zeus Trojan is used to steal banking information. This dangerous malware infection can be used to steal account names and numbers, banking account passwords, and credit card numbers. The Zeus Trojan can also be utilized to capture particular information that can then be used to steal a victim's identity. ESG security...

Posted on March 27, 2006 in Trojans

Win32 malware.gen

Win32 Malware.gen is a so-called generic threat - a suspicious file fetched by an anti-virus scan that appears to be malicious but does not match any of the definitions of known malware threats contained in the anti-virus software's database. Therefore, an alert from an anti-malware program for a Win32 Malware.gen detection indicates that there is a 32-bit file on a Windows operating system that should be flagged for further inspection. An infection generally described as Win32 Malware.gen is thus a heuristic detection designed to indicate the presence of some kind of a yet undetermined Trojan horse for Windows PCs. It is also possible that files reported as a Win32 Malware.gen infection...

Posted on July 5, 2010 in Trojans

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles: the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminal's trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security

More Articles


The Sarwent malware first showed up in 2018. Back then, the Sarwent threat was a very basic piece of malware, which only served as a first-stage payload that allows the attackers to plant other threats on the infected computer. However, malware experts have spotted new iterations of the Sarwent threat that appear to be far superior to the earliest variants of this Trojan. The latest variants of the Sarwent Trojan pack two main features, which were not available on earlier versions of the threat:

  • They are capable of utilizing the PowerShell utility and the Windows Command Prompt service to execute remote commands on the compromised host.
  • They are able to set up a new Windows user, which can be used to allow the attackers to use RDP (Remote Desktop Protocol) services and therefore access the host via an RDP connection.

Using an RDP...

Posted on May 26, 2020 in Malware

Blue Mockingbird Malware

The Blue Mockingbird Malware is an organization run by hackers who appear to have the end goal of creating and running a botnet that would mine cryptocurrency. This hacking group first appeared in December 2019. The servers that the attackers target are very specific - the only common trait the victims have between them is that they almost always run the Telerik UI framework alongside various ASP.NET utilities. Doing so enables the attackers to exploit a vulnerability known as CVE-2019-18935. This vulnerability would allow the Blue Mockingbird Malware to plant a shell on the targeted system and therefore take control over it. Usually, attacks like that aim at collecting sensitive files, confidential data, personal details, etc. However, instead of carrying out a reconnaissance operation, the Blue Mockingbird Malware has opted to...

Posted on May 26, 2020 in Advanced Persistent Threat (APT)

CovidWorldCry Ransomware

The CovidWorldCry Ransomware is a new file-locking Trojan that is being propagated via fraudulent phishing emails. Countless cybercriminals worldwide are using the COVID-19 pandemic to spread online tactics and various malware. As the name indicates, the CovidWorldCry Ransomware is no exception. To propagate the CovidWorldCry Ransomware, the attackers are likely to use phishing emails that contain a bogus attachment, which may be presented as an important document that contains crucial information regarding the Coronavirus pandemic.

Encryption

When the CovidWorldCry Ransomware infects your PC, it will start scanning your data and locating your files. This threat is likely targeting documents, images, spreadsheets, presentations, archives, audio files, videos, databases and various other filetypes. This will result in most of your files...

Posted on May 26, 2020 in Ransomware

Unicorn Ransomware

There is a brand-new ransomware threat targeting innocent users online - the Unicorn Ransomware. This newly detected data-encrypting Trojan appears to target computer users located in Italy. It is likely that this is a new project as the Unicorn Ransomware does not appear to be linked to other ransomware families.

Propagation and Encryption

According to cybersecurity experts, the Unicorn Ransomware is not propagated via the usual means – phishing emails, torrent trackers, fake updates/downloads, etc. Instead, the authors of the Unicorn Ransomware have set up a bogus website hosted at Fofl(dot)it. The cyber crooks have used this domain name to trick users into believing that they are visiting the legitimate Fofi.it. This is the genuine domain name used by the Italian Federation of Pharmacists (in Italian Federazione Ordini Farmacisti...

Posted on May 26, 2020 in Ransomware

PDF To Pro

The PDF to Pro utility is a Web browser extension, which is marketing itself as a tool that will allow users to convert PDF files via their browser swiftly. Even if this sounds like a useful feature, the PDF to Pro add-on does not offer any unique services. There's no need to install any third-party software to use the services offered by the PDF to Pro extension. There are many freely available websites that will help you convert your files without asking you to install any software on your system. If you install the PDF to Pro extension add-on, you may notice that your default new tab page has been changed. This is because the PDF to Pro extension is designed to hijack your default new tab page by setting up an affiliated website as the site you see every time you open a new tab on your browser. The affiliated website is the...

Posted on May 26, 2020 in Potentially Unwanted Programs


The Tomki.pro website is not a Web page that will offer its visitors useful features or quality content. The end goal of the Tomki.pro site operators is to hijack the Web browser notifications of their visitors. Users who attempt to view the content that the Tomki.pro page may claim to host, will be greeted by a prompt, which requires them to click ‘Allow.’ The visitors will be led to believe that if they click on the ‘Allow’ button, they will be able to watch the video that is meant to be hosted on the fraudulent site. However, there is no video to watch and following the instructions provided by the Tomki.pro page will allow the site to send you notifications using your Web browser. If you grant the Tomki.pro site this permission, it will make sure to flood you with unwanted advertisements every time you use your computer. The...

Posted on May 26, 2020 in Browser Hijackers


The Cloudstream.bar website is a dodgy page, which has no quality content to offer its users. There are countless useless pages like the Cloudstream.bar site on the Web. They serve no purpose but to hijack the Web browser notifications of their visitors. As soon as the Cloudstream.bar page is launched, it will display a prompt that would require the users to click ‘Allow’ if they wish to continue. This is known as the ‘Please Click Allow to Continue’ low-tier online tactic. Often, the prompt is presented as a CAPTCHA test that the user needs to complete before viewing the content of the page. Naturally, this is not a real CAPTCHA test. Completing the fake test will permit the Cloudstream.bar site to send the user push-notifications via their Web browser. The Cloudstream.bar site is known to bombard its users with unwanted...

Posted on May 26, 2020 in Browser Hijackers


If you often browse low-quality websites, you may have come across the Classicgift.download page. This website is known to host a tactic referred to as ‘Please Click Allow to Continue.’ Unfortunately, websites like the Classicgift.download page have nothing to offer to their visitors. It is best to avoid wasting your time with the Classicgift.download website. The Classicgift.download site may claim to host engaging content, but rest assured that this is not the case. Users who attempt to view the content that the Classicgift.download website claims to host will be greeted by a fake video prompt that asks them to click ‘Allow.’ The site leads users to believe that if they do not follow the instructions, they will not be able to view the seemingly interesting video hosted on the page. However, there is no video to be viewed – clicking...

Posted on May 26, 2020 in Browser Hijackers

Phishers Are Trying to Bypass Office 365 MFA via Rogue Apps

Phishing attempts are trying to bypass the multi-factor authentication (MFA) protecting Office 365 user accounts by fooling users into granting permissions to a rogue application. The app allows attackers to access and modify the victim's account and retain the access indefinitely, according to researchers from Cofense.

The Details of the Attack

The cybercriminals open up with an invitation email directing their potential prey to a file hosted on Microsoft's SharePoint, a collaborative platform that integrates with MS Office. The document spreading through these methods implies that the recipient may get a bonus on their salary for the first quarter of 2019. Users who are fooled into following the...

Posted on May 26, 2020 in Computer Security


The Winnti Group is an organization of cyber crooks that have been operating for nearly a decade. The first traces of the Winnti Group activity were spotted in 2011. This hacking group is also known as APT41 (Advanced Persistent Threat). The Winnti Group tends to target companies that are involved in game and software development. Usually, the Winnti Group misappropriates genuine software and weaponizes it for its threatening campaigns. One of the most popular hacking tools in their arsenal is called the Winnti backdoor, which is where the name of the group is derived from.

PipeMon Main Objective

One of the most recent campaigns of the Winnti Group targeted video game development companies located in South Korea and Taiwan. The companies in question are involved in the development of MMO (Massive Multiplayer Online) games, which are...

Posted on May 22, 2020 in Backdoors

Silent Night

The Silent Night threat is a newly spotted banking Trojan that appears to be very similar to the Zeus Banking Trojan – one of the most popular threats of this type. Malware experts spotted an advertisement for the Silent Night threat posted on a Russian hacking forum. The advertisement was only available in Russian, so it is likely that with this advertisement, the creators of this threat are targeting cyber crooks in the Russian region who may be interested. However, the Silent Night malware is not a cheap hacking tool – one-month subscription costs around $4,000. It is likely that a threat with a price as high as the Silent Night tool will attract the attention of cybercrime organizations mainly.

Why the Silent Night Trojan is So Well-Accepted by Cybercriminals

The Silent Night banking Trojan is a state-of-the-art threat. This...

Posted on May 22, 2020 in Banking Trojan

NetSupport Manager RAT

The NetSupport Manager tool is a genuine application, which was first released about twenty years ago. The purpose of the NetSupport Manager tool is to enable users to receive remote technical support or provide remote computer assistance. However, cyber crooks have hijacked this useful application and misappropriated it to use it in their harmful campaigns. The modified version of the NetSupport Manager has been labeled the NetSupport Manager RAT (Remote Access Trojan).

How the NetSupport Manager RAT is Propagated

The operators of the NetSupport Manager RAT are apparently propagating it via spam emails. The emails were Coronavirus-themed, which does not come as a surprise as recently, countless cybercriminals worldwide have been using the COVID-19 pandemic to distribute malware and spread online tactics. The fake email is...

Posted on May 22, 2020 in Remote Administration Tools

Instabot Ransomware

The Instabot Ransomware is a new iteration of the notorious STOP Ransomware. Despite the fact that malware analysts are very familiar with the STOP Ransomware family, there is yet to be a decryption tool released that would help the victims of this nasty Trojan. This means that users who have fallen victim to the Instabot Ransomware have no way of reversing the damage for free.

Propagation and Encryption

According to cybersecurity researchers, the Instabot Ransomware is being propagated via spam emails. The emails are likely to contain a fraudulent message alongside a fake attachment, which will infect one’s system once opened. The Instabot Ransomware will lock most of the files present on the compromised computer – documents, images, audio files, videos, presentations, spreadsheets, databases, archives, etc. When the Instabot...

Posted on May 22, 2020 in Ransomware

Covm Ransomware

The Covm Ransomware is yet another variant of the notorious STOP Ransomware. The STOP Ransomware family was the most popular ransomware family of 2019 when cyber crooks from all around the world ended up releasing over 200 copies of this threat.

Propagation and Encryption

The Covm Ransomware can be propagated via different methods, including mass spam emails that contain corrupted attachments designed to look like harmless files, malvertising campaigns, fake application downloads and updates, bogus pirated copies of popular software tools, etc. When the Covm Ransomware infects your PC, it will scan your data and locate the files that meet its criteria. The Covm Ransomware will go after a wide array of filetypes - .doc, .docx, .jpg, .jpeg, .mp3, .mp4, .mov, .pdf, .xls, .xlsx, .rar, .gif, .png, and many others. Next, the Covm Ransomware...

Posted on May 22, 2020 in Ransomware


The SearchModule utility is not a tool that will enhance your browsing quality despite its claims. The SearchModule tool is an adware program that targets Mac systems. Applications like the SearchModule program rarely disclose their true intentions and instead claim to offer useful services. If you install the SearchModule on your Mac, you will notice that whenever you browse the Web, you are exposed to far more advertisements than usual. This is because the goal of the SearchModule adware program is to inject advertisements on the websites that you visit. It is common that advertisements spawned by adware programs overlay important sections of the websites the user visits. This ends up preventing the user from viewing certain parts of the site. Needless to say, having adware on your computer can be very irritating. The advertisements...

Posted on May 22, 2020 in Adware