
Top Security News

Cybercriminals Are Still Taking Advantage of Covid-19 with Increased Attacks

Microsoft unveiled its Asia Pacific findings from its latest Security Endpoint Threat Report for 2019, which shared that cybercriminals are making 60,000 COVID-19 themed phishing attempts daily....

Cybercriminals Sticking to Coronavirus and Financial Themes for Phishing Scams

Summer is at its peak, and the online scammers are still doing whatever they can to take advantage of the uncertainty caused by the pandemic. Cyber-attacks are targeting businesses and consumers in...

Hackers Exploiting Coronavirus Fears To Push Malware

As the Covid-19 pandemic goes into full swing, we see increasing numbers of hackers and nation-state actors trying to exploit the global fears for their own gains, spreading malicious software...

Top Articles

WebDiscover Browser

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

How to Fix Mac Error Code 43 When Copying Files

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security


Newsbreak.com

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks.

Spams Users with a Constant Flow of Advertisements

Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked into allowing browser notifications, thinking that they will be alerted to the latest breaking news. However, this is not the case,...

Posted on February 3, 2020 in Browser Hijackers

APT Attack Spreads Malware Using Coronavirus Theme

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

.HOW Ransomware

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.

Propagation and Encryption

To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Posted on June 29, 2020 in Ransomware

IT Ransomware

IT Ransomware is a brand-new data-locking Trojan that appears to be a rather basic project. This file-locker is also known as the CobraLocker Ransomware. Despite not being a very high-end threat, the IT Ransomware is fully capable of causing significant damage to its targets. Unfortunately, the IT Ransomware does not appear to be decryptable for free.

Propagation and Encryption

Threats like the IT Ransomware often go after a variety of filetypes that are likely to be present on the system of every regular user. This means that the IT Ransomware will not spare any images, documents, presentations, databases, spreadsheets, archives, audio files, videos and other filetypes that are common....

Posted on July 9, 2020 in Ransomware

Top 20 Countries Found to Have the Most Cybercrime

Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are a few contributing factors that attract cybercriminals to specific regions of the world. Security research firm Symantec has discovered specific factors that determine why a certain country is plagued with cybercrime more or less than another, which allowed them to come up with a ranking for each. Symantec has ranked 20 countries that face, or cause, the most cybercrime. In compiling such a list, Symantec was able to quantify software code that interferes with a computer's normal functions, rank zombie systems, and observe the number of websites that host phishing sites, which are designed to trick computer users into disclosing personal data or banking...

Posted on July 9, 2009 in Computer Security

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles: the days of robbing banks in person are gone, and now it all takes place behind the screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or everyday life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet is aware of cybercrime and the consequences that they may face if they succumb to a cybercriminal's trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security


AntiMalware

A typical deceptive campaign is disguising harmful threats as legitimate security programs in order to steal money from inexperienced victims. AntiMalware is a particularly short-named version of this campaign, with clones with names such as Active Security and Total Security. AntiMalware uses an interface that is very similar to the Windows Defender and legitimate Microsoft security programs, to make the victim believe that AntiMalware is a legitimate anti-malware application. Observing AntiMalware's design, you will quickly spot authentic-looking Windows and Microsoft Security Essentials logos as well as a layout that may seem familiar to most users of legitimate Microsoft Security...

Posted on November 9, 2009 in Rogue Anti-Spyware Program

More Articles

Templates Discovery Tab

The Templates Discovery Tab, as its name suggests, offers users a convenient way to access standard and helpful templates, in addition to intuitively displaying quick links to popular social media and shopping websites. While some users may find such features genuinely helpful, downloading the Templates Discovery Tab will leave them unpleasantly surprised, as the program is little more than a Possibly Unwanted Program (PUP) and a browser hijacker. If users install the Templates Discovery Tab as a browser extension, they will soon find out that their default browser settings have been modified. The homepage, new page tab, and the default search engine will be set to redirect to search.htemplatesdiscovery.com - a fake search engine that cannot generate search results on its own. Instead, it uses search.yahoo.com for the actual list of...

Posted on August 12, 2020 in Potentially Unwanted Programs


Ativefestio.club is a Web-based tactic that tricks users into subscribing to push notifications that are nothing more than sponsored advertisements. The website itself is devoid of meaningful content entirely. Its only purpose is to leverage a social engineering trick designed to persuade the user to grant push notification permission to it unwittingly. To achieve this, Ativefestio.club generates multiple messages that all share the same goal - trick the user into clicking the 'Allow' button. The text of the message boxes differs with some of the possible variants being: 'Click ALLOW to confirm that you are not a robot!' 'Ativefestio.club wants to show notifications.' 'Ativefestio.club says CLICK ALLOW TO CLOSE THIS PAGE.' Needless to say, not one of these messages is true, and all users who fall for the scheme will be subjected to a...

Posted on August 12, 2020 in Browser Hijackers


Nssuccess.club is an empty website dedicated to the promotion of third-party advertisements through push notifications. This Web-based tactic relies on users falling for a variety of social engineering tricks implemented into a fake error message displayed upon landing on the website. In the case of Nssuccess.club, it attempts to persuade visitors to click the 'Allow' button by claiming that this would prove that they are not robots. However, what happens when the button is clicked is that Nssuccess.club receives the necessary permissions to start generating in-browser and pop-up advertisements. In some cases, users will continue to be annoyed by unwanted advertisements even if they shut down their browser completely. While by itself, Nssuccess.club is nothing more than annoying, clicking on any of the advertisements it promotes...

Posted on August 12, 2020 in Browser Hijackers

Stitch Backdoor

Stitch is an open-source backdoor coded in Python that was created for educational and research purposes. Still, the program is perfectly capable of carrying out all of the usual activities observed in similar RAT (Remote Access Trojan) malware threats. The Stitch Backdoor has cross-platform capabilities, as well as the option for the hackers to create custom payloads that will only work on the OS that they were built on. Among the most notable cross-platform functions carried out by the Stitch Backdoor are the dumping of Chrome passwords, enabling or disabling of certain services such as Remote Desktop Protocol (RDP), User Account Control (UAC), and Windows Defender, creation of custom pop-up windows, the collection of information about the connected drives and the summary of some Registry values. Furthermore, it can take control of...

Posted on August 12, 2020 in Backdoors


Godlike12 is a backdoor malware threat written in the Go language. Its creation is attributed to an APT (Advanced Persistent Threat) group of criminals that cybersecurity researchers have named the Holy Water APT. Godlike12 was detected as part of a water-hole attack campaign against a religious and ethnic group in Asia. The experts who analyzed the underlying code of the threat found leads in its obfuscation mechanism that point towards Chinese-language underground forums. Godlike12 communicates with its Command and Control (C&C, C2) servers through a Google Drive space, thanks to Google Drive's HTTPS API v3. In fact, the name of the threat, Godlike12, comes from the name that the hackers gave to the Google Drive space. Upon its first execution on the victim's computer, Godlike12 starts scraping information. It logs the IP...

Posted on August 12, 2020 in Malware

Holy Water APT

Holy Water APT is the name given to a group of cybercriminals that conducted a series of water-hole type attacks against an Asian religious and ethnic group. The TTP (Tactics, Techniques and Procedures) of this particular attack couldn't be attributed to any of the already known APT (Advanced Persistent Threat) actors, which led the researchers to the conclusion that this is a new cybercriminal group that displays characteristics of a small and flexible team of hackers. To conduct a water-hole attack, the criminals target several websites that are frequently visited by the designated targets. The sites can belong to organizations, charities or influential individuals that belong to the targeted group. All of the websites compromised by Holy Water were hosted on the same server and included a religious personality, charity, voluntary...

Posted on August 12, 2020 in Advanced Persistent Threat (APT)


MegaBackup (PUP.MacOS.MegaBackup) seems like a legit and useful tool for Mac computers, yet, in fact, it is a rogue application that puts your system at serious security risk. Researchers have classified MegaBackup as a Potentially Unwanted Program (PUP) as it uses dubious ways to get installed on a computer, usually without the user's consent. Among MegaBackup's dangerous features is its ability to track your browsing history by recording the visited URLs, search terms entered into search engines, IP addresses, and other related information. The operators of the app are after sensitive and personal data as well - such data is then sold to third parties to generate revenues. Another annoying feature is the constant displaying of intrusive ads and banners on top of the websites' content. That not only deteriorates the user's browsing...

Posted on August 12, 2020 in Mac Malware, Potentially Unwanted Programs

My Office Tool

The My Office Tool appears as a browser extension or as a custom-built browser based on Google Chromium. However, it is a typical Possibly Unwanted Program (PUP), and in both cases, the My Office Tool modifies your browser settings automatically, redirecting your homepage and search queries to search.hmyofficetools.co. It means that no matter when you open your browser, a new tab, or make search queries on the Internet, you will be redirected to the website search.hmyofficetools.co. It is a fake search engine that displays result pages from search.yahoo.com. The My Office Tool is usually bundled within other software programs, and its installation remains unnoticed. You should remove the My Office Tool from your system, as it may have some potentially unsafe features, like recording your search queries, browsing history or data. PUPs...

Posted on August 12, 2020 in Potentially Unwanted Programs

AB89 Ransomware

The AB89 Ransomware is a threatening encrypting tool that locks up files on targeted machines and demands a ransom to unlock them. The AB89 Ransomware belongs to the Matrix Ransomware family. The AB89 Ransomware modifies the names of the affected files – the original name is replaced with the threat actors’ email address AdamBrown89@criptext.com. A string of random characters is then added to the email address, followed by the “AB89” extension. A text file named “AB89_INFO.rtf,” which contains the ransom note, is dropped in every folder. This ransom note states that the attackers have used the AES-256 and RSA-2048 encryption algorithms to lock up the victim’s data. The message also says that the user needs to contact the hackers at one of these three email addresses: AdamBrown89@criptext.com, AdamBrown89@aol.com, and...

Posted on August 12, 2020 in Ransomware

Smaug Ransomware

The Smaug Ransomware is a Ransomware-as-a-Service (RaaS) platform that allows threat actors to create tailored harmful campaigns through a Dark Web Onion website. Malware researchers have found out that at least two actors operate the site as the level of English proficiency differs across the posts on the platform. To use the service, clients must contact the operators at smaug-ransomware@protonmail.com, pay a registration fee of 0.2 BTC (ca. 1,900 USD) upon registration, followed by a subsequent service fee of 20%. The general features of the Smaug Ransomware show that it can be configured to attack Windows, Mac, and Linux platforms, including the 64-bit OS versions. The malware has a comparably simple design; it creates a unique encryption key for each machine, can run entirely offline, and the encrypted files can only be decrypted...

Posted on August 12, 2020 in Ransomware


MaxOfferDeal (Adware.MacOS.MaxOfferDeal) is a piece of Adware tailored to bombard macOS users with tons of unwanted web ads. Besides, it also redirects traffic to less-than-stellar sites full of malware-laden links. The adverts come in masses, with no end in sight. Like any other app of this kind, MaxOfferDeal promises to enrich your web browsing experience by leading you to promotional offers, last-minute deals, and all sorts of perks. What you get in reality, however, are suspicious sites packed to the rafters with malicious banners, pop-ups, and web links.

At a Click's Throw

While there's nothing wrong with promotional offers per se, they need to come from established retailers. The promising deals MaxOfferDeal leads you to are nothing short of shady, especially if they appear too good to be true. Some of them lead to more...

Posted on August 12, 2020 in Adware, Mac Malware

Mac Optimizer Pro

Mac Optimizer Pro is one of the countless tools supposed to clean macOS machines and optimize their performance. Like most other similar applications, Mac Optimizer Pro doesn’t really offer any significant features or capabilities beyond what the user can accomplish using macOS’s native tools. What’s more, in the case of Mac Optimizer Pro, the user is led to believe that their machine is performing poorly because of files which are actually beneficial at best and useless at worst. Mac Optimizer Pro also includes a startup manager. This is another component that has no advantage over the manager integrated in macOS. The original tool Apple integrates in its operating system can be accessed in System Preferences and gives the user the same control over their startup items. It could be argued that it offers more control because it would...

Posted on August 12, 2020 in Mac Malware, Potentially Unwanted Programs


Researchers have detected Hula (Adware.MacOS.Hula) in connection with an app named WorkDefault, which pretends to be an application that can significantly improve a user’s browsing experience. In fact, it is an adware threat imposing serious risks on affected Mac computers. Another common distribution method of Mac Hula is by bundling it into free software installers. Torrent websites and fake Flash Player updates are further sources of such Potentially Unwanted Programs (PUPs). On the surface, Mac Hula floods users with unsolicited advertisements, coupon codes, fake surveys, banners, and other similar intrusive pop-ups. Clicking on any of these messages could lead to untrustworthy websites, or run malicious scripts that lead to the download and installation of additional malware. In the background, programs like Hula perform potentially...

Posted on August 12, 2020 in Adware, Mac Malware

Quick Mac Booster

Quick Mac Booster (PUP.MacOS.QuickMacBooster) is a malicious application designed to persuade users that their computer needs a performance improvement. It is classified as a Potentially Unwanted Program (PUP) as it sneaks into Mac systems unnoticed and without the user's consent, typically bundled within freeware. Quick Mac Booster is also a scareware type of threat as it generates fake scan reports that list dozens of non-existing performance and security issues with the final purpose of tricking the user into purchasing a paid version of the app. In order to look convincing, Quick Mac Booster displays immense improvement potential in all scanned areas, all highlighted in red and having countless issues that need to be fixed immediately. The rogue system optimizer also fetches the version of the operating system, the amount of RAM,...

Posted on August 12, 2020 in Mac Malware, Potentially Unwanted Programs


SpyMonitor does precisely what its name suggests: it keeps track of what you do and what you don't do on your macOS machine. In a sense, SpyMonitor acts both as a keystroke recorder and an idle time measuring tool. It loads at system startup and keeps running as a background process, thus collecting every bit of user activity. While some companies use programs such as SpyMonitor merely to enhance office productivity, cybercriminals utilize them to retrieve login credentials and personal data. If SpyMonitor came on your Mac as a drive-by download, an email attachment, or following an ad click, chances are it did not come to you for the right reasons. In this case, SpyMonitor is every bit as unwelcome as Potentially Unwanted Programs (PUPs) in general.

Potential Damage

SpyMonitor is designed to record anything you type on your keyboard,...

Posted on August 12, 2020 in Mac Malware, Potentially Unwanted Programs