Malware Remediation Utility

  • Detect & remove the latest malware threats.
  • Malware detection & removal definitions are updated regularly.
  • Technical support & custom fixes for hard-to-kill malware.
* Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Top Security News

Cybercriminals Are Still Taking Advantage of Covid-19 with Increased Attacks Microsoft unveiled its Asia Pacific findings from its latest Security Endpoint Threat Report for 2019, which shared that cybercriminals are making 60,000 COVID-19 themed phishing attempts daily....
Cybercriminals Sticking to Coronavirus and Financial Themes for Phishing Scams Summer is at its peak, and the online scammers are still doing whatever they can to take advantage of the uncertainty caused by the pandemic. Cyber-attacks are targeting businesses and consumers in...
Emotet Malware Uses US Election Campaign as Bait The notorious malware distribution vehicle Emotet has been back in business for a little over two months following a long break earlier this year. The subject line of one of the latest waves of...

Top Articles

WebDiscover Browser

WebDiscover Browser screenshot

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

STOP Ransomware

STOP Ransomware screenshot

PC security researchers received reports of ransomware attacks involving a threat known as the STOP Ransomware on February 21, 2018. The STOP Ransomware is based on an open source ransomware platform and carries out a typical version of an encryption ransomware attack. The STOP Ransomware is distributed using spam email messages containing corrupted file attachments. These file attachments take the form of DOCX files with embedded macro scripts that download and install the STOP Ransomware onto the victim's computer. Learning how to recognize phishing emails and avoiding to download any unsolicited file attachments received is one of the ways to avoid these attacks. How to Recognize a...

Posted on February 26, 2018 in Ransomware

How to Fix Mac Error Code 43 When Copying Files

How to Fix Mac Error Code 43 When Copying Files screenshot

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security


Newsbreak.com screenshot

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks. Spams Users with a Constant Flow of Advertisements Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked to allow browser notifications thinking that they will be alerted for the latest breaking news. However, this is not the case,...

Posted on February 3, 2020 in Browser Hijackers

APT Attack Spreads Malware Using Coronavirus Theme

APT Attack Spreads Malware Using Coronavirus Theme screenshot

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

.HOW Ransomware

.HOW Ransomware screenshot

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.  Propagation and Encryption To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Posted on June 29, 2020 in Ransomware

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security

Search Baron

Search Baron is a potentially unwanted browser hijacker masked as a search engine application. The latter supposedly aims to turn web surfing on OSX-based Mac devices into a more satisfying experience. Yet, its bad habit of landing on the device without its user's knowledge raises suspicions about its end purpose. While the tool does not necessarily fall under any severe malware category, you may bet that it would in no way improve your browsing experience, either. Instead, Search Baron's primary goal is to promote its search services, often more aggressively than usual. A Bing search engine with a Twist The Search Baron page appears to be powered by Microsoft’s popular Bing search engine. However, the search results you would get from a regular Bing search query may come with sponsored links of suspicious quality mingled in between....

Posted on August 23, 2019 in Browser Hijackers, Mac Malware

Search Marquis

Search Marquis screenshot

Search Marquis is a Mac utility that disguises itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a malicious browser extension that aims to alter the browser's setting without the user’s knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) that sneaks stealthily into Mac computers is to generate revenues for its operators by popularizing the search engine Bing.com on Mac Safari browser. This happens through a number of intermediate redirects through various dubious domains. Once installed on a Mac computer, this browser hijacking tool starts to modify crucial changes on the user's...

Posted on June 9, 2020 in Browser Hijackers, Mac Malware

More Articles


Trustcontent.monster is a fraudulent website dedicated to conducting a browser-based scheme. By employing deceptive tactics to trick unsuspecting users into subscribing to its push-notification services, the website can start delivering unsolicited advertisements and generating revenue for its creators. Trustcontent.monster is just one of a myriad of similar misleading websites. When visitors land on it, Trustcontent.monster will show them several fake alerts or error messages trying to convince the users to click the 'Allow' button. Furthermore, an image of a video that is buffering currently will be displayed. The implication is that something is preventing the video from running smoothly and the users must click 'Allow'to view it. As we said, however, following the instructions and clicking the button will have an entirely different...

Posted on October 28, 2020 in Browser Hijackers


Fuer.pro is another addition to the countless, mostly empty websites that are designed with a single goal in mind - to generate revenue for their creators by propagating a browser-based tactic. Users are tricked into subscribing to these websites' push-notification services, and, as a result, they will be subjected to unwanted advertisements being delivered to the screen of their devices directly. After landing on Fuer.pro, visitors will be shown several fake alerts or error messages. The website also may pretend to be conducting a bot captcha check. Another popular tactic is for Fuer.pro to display the image of a video that is buffering currently. It then states that users must click on the 'Allow' button to watch the entire video. However, the truth is that clicking 'Allow' will grant Fuer.pro the necessary browser permissions to...

Posted on October 28, 2020 in Browser Hijackers


Liveplayingnow.com is a suspicious website that, despite what its name may imply, has only one function - to propagate a browser-based tactic. The end goal is to start delivering various unsolicited advertisements to the user's device generating monetary gains for the creators of the site in the process. To achieve this, Liveplayingnow.com must trick any unsuspecting visitor to grant it the permissions required for the delivery of advertisements through push-notifications. The site displays fake alerts or error messages that try to convince the user to click the 'Allow' button no matter what the specified text is. Other social engineering tactics also are employed. For example, Liveplayingnow.com displays a message that pretends to be conducting an age verification check prominently, with the implication that the user can then proceed...

Posted on October 28, 2020 in Browser Hijackers


Search.searchworm.com is a fake search engine being promoted by browser-hijacker applications that affect Windows and Mac users. The goal is to generate artificial traffic towards the specific address. To achieve this, search.searchworm.com has been detected to be promoted by variants of the notorious Trovi browser hijacker, as well as an application called New Tab Theme Buddy. Most often than not, these applications are not installed willingly by the users, and instead, they rely on deceptive marketing tactics. That is why they can be classified as Potentially Unwanted Programs (PUPs). When a browser hijacker is installed onto the user's computer, it will take over certain browser settings. The homepage, new page tab, and the default search engine will be modified to open the search.searchworm.com address. Then, if the user simply...

Posted on October 28, 2020 in Browser Hijackers

Xdddd Ransomware

The Xdddd Ransomware is a malware threat. The Xdddd Ransomware goal is the same as all the other threats of this type - to lock the users' files with an uncrackable encryption algorithm and then extort the victims for the potential restoration of the data. The Xdddd Ransomware is based on the previously detected Paradise Ransowmare. When the Xdddd Ransomware begins its encryption algorithm, it will change every affected file's original filename. The threat follows a complex algorithm - it appends the unique ID for the specific victim, followed by the hackers' email, and finally '.xdddd' as a new extension. The email address used to contact the hackers behind this particular ransomware is 'asdasda@hotmail.com.' The customary instructions for the victims are delivered as files named '#DECRYPT MY FILES#.html' that are dropped in every...

Posted on October 28, 2020 in Ransomware

Pizhon Ransomware

Pizhon Ransomware is the name given to a ransomware threat that is designed to target users located in Russia or Russian-speaking countries primarily. The Pizhon Ransomware acts as typical ransomware - dropped onto a computer, it will proceed to encrypt almost all of the files stored on it and then demand the payment of a ransom for their potential restoration. The Pizhon Ransomware changes the name of every file it encrypts by appending '.pizhon' followed by a string of 16 random characters. Text files carrying the ransom note will be dropped in every folder with encrypted data. The name of these text files is '!!!README!!!.txt.' Opening any of the '!!!README!!!.txt' files reveals a set of instructions written entirely in Russian. No translations into other languages have been included. The criminals expect their victims to open an...

Posted on October 28, 2020 in Ransomware

ALVIN Ransomware

The ALVIN Ransomware is a threatening crypto locker that, so far, has not been linked to any pre-existing ransomware family. If the ALVIN Ransomware manages to infiltrate the targeted computer successfully, it will initiate its encryption process. As a result, users will be locked out of the compromised device effectively due to all of the files stored on it being encrypted with an uncrackable encryption algorithm. Every encrypted file will have its name changed significantly to match a complex pattern encoded in the threat - [Email of the hackers].[Unique ID assigned to the victim].[Original Filename].[Ransomware Extension]. In the case of ALVIN, the email address placed in the filenames is 'rimon.argan@gmail.com,' while the new file extension is '.ALVIN.' The criminals behind the threat leave instructions for their victims in the...

Posted on October 28, 2020 in Ransomware

New Tab Theme Buddy

The New Tab Theme Buddy is marketed as a useful tool for customizing browser wallpapers and themes, creating personal greetings, and other related actions that may sound attractive for some users. However, malware researchers stamp this program as a browser hijacker as they have observed several potentially harmful features that it undertakes once installed on a computer. Furthermore, this program is considered a Potentially Unwanted Application (PUA) as it usually installs stealthily on a computer bundled with the installation setup of other programs. The New Tab Theme Buddy modifies the browser's settings, replacing the homepage, default search engine, and new tab URL with the address of a fake search tool named 'search.searchworm.com.' Thus, users get redirected to this fake search engine each time they launch their browser or...

Posted on October 28, 2020 in Potentially Unwanted Programs

'USAA' Email Scam

The 'USAA' email scam is a campaign that tries to trick users into providing their data, like credit card details, login credentials for online accounts, or any other data that can be potentially misused by cybercriminals. Attackers disguise the spam emails as important messages by using official names and logos of companies and organizations and putting some catching keywords in the subject line. In the particular case of the 'USAA' email scam, the emails claim to come from the popular financial services company USAA, and some have the text "Your benefit payment has been received" as a subject. Malware researchers have identified two options for this tactic. The first one's emails contain a direct link to a phishing website and aim to make potential victims click on that link to open the dubious page; in the second type, the link...

Posted on October 28, 2020 in Adware


Posing as convenient and useful tools that can help users find free PDF converters is a common tactic among the creators of browser-hijacker applications. PDFConverterSearch4Free is no different. No matter what features it might boast, having most of them will either be missing or barely functional. What the application will do without any problems, however, is to take over the browser and modify it according to its agenda. The moment PDFConverterSearch4Free is installed, it will change the homepage, new page tab, and the default search engine to open the address 'feed.pdfconvertersearch4free.com.' As a result, wherever the affected browser is simply opened, it will start generating artificial traffic towards the promoted address. Users should keep in mind that since 'feed.pdfconvertersearch4free.com' is a fake search engine, it cannot...

Posted on October 27, 2020 in Potentially Unwanted Programs


Myoglobal.work is a mostly empty website but don't let that fool you - the only reason for its creation is for the website to conduct a popular browser-based tactic. More and more such sites are being created every day. Through deceptive social-engineering tactics, users are tricked into subscribing to push-notification services of misleading websites. As a result, the affected device will start having unwanted advertisements being delivered directly to its screen. Upon landing on Myoglobal.work, visitors will be bombarded with several fake alert or error messages. The most prominent one is displayed in the website's center, claiming that users have to 'Click Allow to prove that you are not a robot.' Another message tries a different method by proclaiming 'CLICK ALLOW TO CLOSE THIS PAGE.' The advertisements generated by Myoglobal.work...

Posted on October 27, 2020 in Browser Hijackers


Mediakick.biz is an unsafe website created with a singular purpose - to propagate a popular browser-based tactic. There are countless websites dedicated to the same agenda. They employ similar social-engineering methods to deceive all unsuspecting visitors into clicking the 'Allow' button. No matter what the particular site claims that the button will do, it almost always is a lie. The truth is that clicking the button will grant the con artists all the browser permissions they require to start pushing unsolicited advertisements directly to the device's screen. The most popular tactic observed in this scheme is for the website to pretend to be performing a captcha bot check. Mediakick.biz, however, has adopted a different strategy. When users land on the website, they will be greeted by a big green 'Download' image of a button...

Posted on October 27, 2020 in Browser Hijackers


Cybersearch.xyz is classified as a browser hijacker application that targets Mac users. These applications pretend to be providing some useful or convenient features, but their main goal is to take over the user's browser. By doing so, they can start driving artificial traffic towards the specific address that is being promoted. Most browser hijackers do not get installed by the users willingly. Instead, they employ deceptive marketing tactics such as 'bundling' - hiding their own installation inside the settings of the installation process of another more popular freeware application. In other cases, the browser-hijackers will impersonate a legitimate application or a software update. Indeed, Cybersearch.xyz has been detected to be delivered by a fake Adobe Flash Player installer. That is why it also can be considered to be a...

Posted on October 27, 2020 in Mac Malware

ZaLtOn Ransomware

The ZaLtOn Ransomware is a potent crypto locker threat belonging to the Xorist Ransomware family. What sets it apart from the rest of the nearly identical variants is the email address used for communication with the hackers and the unique extension used to mark the encrypted files. The consequences of becoming a victim to the ZaLtOn Ransomware can be dire. Like the Xorist Ransomware, the ZaLtOn Ransomware can affect nearly all file types. Once it has infiltrated a computer, it will initiate its encryption procedure. Users will suddenly find that their private and business-related files have been locked with uncrackable encryption algorithms. The files also will have '.ZaLtOn' appended to their original names. The criminals behind the threat took no chances when it came to delivering their demands. The ransom note will be dropped as...

Posted on October 27, 2020 in Ransomware

Szymekk Ransomware

The Szymekk Ransomware is a new malware threat that has been released in the wild. While not entirely unique, the Szymekk Ransomware is a variant of the previously detected Cobra Locker Ransomware, it can still cause severe damage on any computer it manages to infiltrate. To further push its victims into meeting the hackers' demands, the malware acts both as a crypto locker and a screen locker. The Szymekk Ransomware looks for suitable targets, infiltrates their computers, and proceeds to encrypt nearly all of the files stored there. Every encrypted file will have '.Szymekk' appended to its original name as a new extension. The malware doesn't drop a typical ransomware note. Instead, it locks the compromised system's screen with an image of its own containing the hackers' instructions. The text is extremely brief, simply telling the...

Posted on October 27, 2020 in Ransomware
1 2 3 4 5 6 7 8 9 10 11 1,521