Malware Remediation Utility

  • Detect & remove the latest malware threats.
  • Malware detection & removal definitions are updated regularly.
  • Technical support & custom fixes for hard-to-kill malware.
* Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Top Security News

Cybercriminals Are Still Taking Advantage of Covid-19 with Increased Attacks Microsoft unveiled its Asia Pacific findings from its latest Security Endpoint Threat Report for 2019, which shared that cybercriminals are making 60,000 COVID-19 themed phishing attempts daily....
Cybercriminals Sticking to Coronavirus and Financial Themes for Phishing Scams Summer is at its peak, and the online scammers are still doing whatever they can to take advantage of the uncertainty caused by the pandemic. Cyber-attacks are targeting businesses and consumers in...
Hackers Exploiting Coronavirus Fears To Push Malware As the Covid-19 pandemic goes into full swing, we see increasing numbers of hackers and nation-state actors trying to exploit the global fears for their own gains, spreading malicious software...

Top Articles

WebDiscover Browser

WebDiscover Browser screenshot

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

How to Fix Mac Error Code 43 When Copying Files

How to Fix Mac Error Code 43 When Copying Files screenshot

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security


Newsbreak.com screenshot

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks. Spams Users with a Constant Flow of Advertisements Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked to allow browser notifications thinking that they will be alerted for the latest breaking news. However, this is not the case,...

Posted on February 3, 2020 in Browser Hijackers

APT Attack Spreads Malware Using Coronavirus Theme

APT Attack Spreads Malware Using Coronavirus Theme screenshot

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

.HOW Ransomware

.HOW Ransomware screenshot

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.  Propagation and Encryption To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Posted on June 29, 2020 in Ransomware

IT Ransomware

IT Ransomware screenshot

IT Ransomware is a brand-new data-locking Trojan that appears to be a rather basic project. This file-locker is also known as the CobraLocker Ransomware. Despite not being a very high-end threat, the IT Ransomware is fully capable of causing significant damage to its targets. Unfortunately, the IT Ransomware does not appear to be decryptable for free. Propagation and Encryption Threats like the IT Ransomware often go after a variety of filetypes that are likely to be present on the system of every regular user. This means that the IT Ransomware will not spare any images, documents, presentations, databases, spreadsheets, archives, audio files, videos and other filetypes that are common....

Posted on July 9, 2020 in Ransomware

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security

Search Baron

Search Baron is an application tailored for Apple's OSX specifically. While the Search Baron application does not fall under the category of malware, rest assured that it would in no way improve your browsing experience. The Search Baron application's only goal is to promote its own search services aggressively. The Search Baron page uses the Bing search engine to deliver results to the user. However, the search results may be of poor quality, and this application may even redirect users to third-party websites with dubious content. It appears that the Search Baron software also spams the user with unwanted advertisements. Can Sneak into Your System Silently If you install the Search Baron application, it will make changes to your default homepage, as well as your new tab page, changing it to its own website that contains the search...

Posted on August 23, 2019 in Browser Hijackers, Mac Malware

Search Marquis

Search Marquis screenshot

Search Marquis is a Mac utility that disguises itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a malicious browser extension that aims to alter the browser's setting without the user’s knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) that sneaks stealthily into Mac computers is to generate revenues for its operators by popularizing the search engine Bing.com on Mac Safari browser. This happens through a number of intermediate redirects through various dubious domains. Once installed on a Mac computer, this browser hijacking tool starts to modify crucial changes on the user's...

Posted on June 9, 2020 in Browser Hijackers, Mac Malware

More Articles


ProgressBuffer is a Potentially Unwanted Program (PUP) that targets Mac users. It is designed to drive artificial traffic towards a promoted fake search engine. The application also displays the behavior of adware by delivering unwanted advertisements to users. The most common tactic used by PUPs is to hide the fact that they are going to be installed on the computer several menu layers deep inside the installation process of another more popular or useful, freeware program. This dissemination method is called bundling, and it alone is enough of a reason to consider these applications as PUPs (Potentially Unwanted Programs). No matter how ProgressBuffer got inside a Mac system, it will modify certain browser settings and keep overriding them every time the affected users attempt to restore them to their previous state. The homepage,...

Posted on September 30, 2020 in Mac Malware


As its name suggests, SearchRadioStation will supposedly help users find their desired radio station in a more convenient and efficient way. However, in reality, SearchRadioStation is barely anything more than a browser-hijacker application, designed to drive artificial traffic to its promoted address. The most obvious sign that SearchRadioStation is present on your computer is if your browser suddenly starts to open the feed.searchradiostation.com address upon started. The same will also be through for any new tab page or any search queries conducted through the affected browser. While SearchRadioStation is still installed, it will override any attempts to revert these settings to their original state. The search engine promoted by SearchRadioStation is categorized as being fake thanks to its inability to produce any search results on...

Posted on September 30, 2020 in Potentially Unwanted Programs

Search Omiga

The Search Omiga is a Possibly Unwanted Application (PUP) dedicated to promoting the keysearchs.com address, which is a fake search engine. The goal is to lead artificial traffic to the address achieved by taking over certain browser settings and preventing users from changing them back to their original state. Once the Search Omiga has been installed on a computer, keep in mind that, in most cases, these browser-hijacker applications are not installed willingly, and instead, rely on deceptive distribution tactics such as bundling, it proceeds to set the homepage, new page tab, and the default search engine to open keysearchs.com immediately. As a result, even opening the browser is enough to generate traffic to the promoted site. Keysearchs.com is considered to be a fake engine due to its inability to provide any search results on its...

Posted on September 30, 2020 in Potentially Unwanted Programs

EasyRansom Ransomware

So far, the EasyRansom Ransomware has not been categorized as part of any existing ransomware family, which means that it might be an entirely unique threat. Its behavior, however, shows little deviation from that of a typical ransomware threat. Its goal is to infiltrate the targeted computer and encrypt most of the files stored on it with a potent cryptographical algorithm rendering them unusable and inaccessible. Users are locked out from their personal or business-related files effectively. The extension appended to the encrypted files' original filenames is '.easyransom.' The note containing instruction from the hackers behind the attack is dropped in the form of text files named easyransom_readme.txt.' It seems that the EasyRansom Ransomware is designed to target computer users located in South Korea specifically, evidenced by the...

Posted on September 30, 2020 in Ransomware

Isos Ransomware

The Isos Ransomware is a potent malware threat that is part of the Phobos Ransomware family. Once inside the victim's computer, the Isos Ransomware initiates an encryption process that scrambles the files on it with a robust asymmetrical RSA encryption algorithm. A complex pattern is used to modify the names of all locked files. It includes adding a string of random characters assigned to each victim, followed by an email address under the criminals' control, and finally '.isos' as a new extension. The email in question is 'helpisos@aol.com.' As is the norm for ransomware threats from the Phobos Ransomware family, the Isos Ransomware leaves its victims with a note containing the hackers' instructions. The note is dropped as two different files. One is a text file simply named 'info.txt' while the other is an 'info.hta.' file used for...

Posted on September 30, 2020 in Ransomware

LYLI Ransomware

The LYLI Ransomware is another malware threat that has been spawned from the prolific STOP/DJVU Ransomware family. This new variant operates in much the same way. The LYLI Ransomware infects computers, initiates an encryption process that employs powerful cryptographic algorithms effectively lock users out of accessing their files, and demands money in exchange for the restoration.  The LYLI Ransomware, like the many members of the STOP/DJVU Ransomware family, affects nearly all of the popular file types such as MS Office files, audio and video, databases, PDFs, etc. After encryption, the LYLI Ransomware changes the original filenames by appending '.lyli' as a new extension. The hackers leave their instructions to the victims in the form of a text file named '_readme.txt.' According to the ransom demand, the LYLI Ransomware victims...

Posted on September 30, 2020 in Ransomware

Zenon Clipper

Zenon is a threatening piece of software that malware researchers classify as a "clipper." The main functionality of a so-called "clipper" is to redirect outgoing cryptocurrency transfers from the victim's wallets to wallets controlled by the malware operators. Zenon achieves its goal by detecting when the affected user saves a cryptocurrency wallet address to their clipboard, capturing that address, and then replacing it with the address of some of the cybercriminals' wallets. This specific clipper is considered threatening particularly, as it possesses remarkable anti-detection and anti-analysis capabilities. Furthermore, it targets transactions to most popular cryptocurrency wallets, including Bitcoin, Monero, Etherium, Life Coin, DogeCoin, Qiwi, Ripple and others. The Zenon Clipper is currently offered for sale on underground...

Posted on September 30, 2020 in Potentially Unwanted Programs


Cloystercdn.com is a bogus website designed to redirect its visitors to other untrusty websites or deliver potentially unsafe content to their computers. Usually, people come across this online tactic because they have a browser hijacker installed within their browser, redirecting them to such questionable pages. Cloystercdn.com first checks its visitors' IP addresses to determine their geolocation; then, it decides which actions to perform. Cloystercdn.com also uses a well-known trick to make users subscribe to its browser notifications. Cloystercdn.com displays a fake error message with an embedded 'Allow" button and then asks the visitor to click on that button to proceed to the website's actual content. Users who agree to receive messages from Cloystercdn.com will only be flooded with intrusive advertisements appearing all the time...

Posted on September 30, 2020 in Browser Hijackers


Characting.club is an online tactic based on social engineering techniques. This website's primary goal is to trick users into accepting its browser notifications so that it can send them sponsored third-party content and generate revenues for its operators. Characting.club advertisements and pop-ups can be very intrusive since they may show up even if no browser is launched, cover all other currently display content, slow down the device performance, and, most of all, contain potentially corrupted links or files. When Internet users visit Characting.club's page, they come across a fake test message that is supposed to confirm that the user is not a robot. However, clicking on this button gives the unsafe website the permission it needs to deliver its corrupted advertising content straight to the victim's desktop. Characting.club's...

Posted on September 30, 2020 in Browser Hijackers


Yourtopnews.com is an unsafe website whose goal is to send advertising content to users' computers directly. To achieve its purpose, Yourtopnews.com needs users' to provide it with permission to display browser notifications, which it gains through a misleading tactic. When the users visit Yourtopnews.com, they see the following message: 'Yourtopnews.com wants to Show notifications Click the Allow button to subscribe to the push notifications and continue watching' Yourtopnews.com claims that the visitors need to click on the "Allow" button and subscribe to its push notifications if they wish to keep watching some video files. Inexperienced users often fall into that trap, not anticipating that all messages from Yourtopnews.com can hide huge dangers for their online safety. The Yourtopnews.com website typically promotes other unsafe...

Posted on September 30, 2020 in Browser Hijackers

Smooth Search Tab

The Smooth Search Tab is a Possibly Unwanted Program (PUP) that acts as a browse-hijacker application that takes over a particular browser setting to promote a fake search engine. While the Smooth Search Tab tries to entice users by offering them a clean tab look and a couple of useful links to popular websites. Its main goal, however, is, as we said, to drive artificial traffic to its promoted site. Once installed, oftentimes through deceitful distribution methods such as bundling, the Smooth Search Tab will modify the homepage, new page tab, and the default search engine of the browser to open https://smoothsearch.online immediately. By simply starting the browser afterward, the user will already be generating traffic towards it. It should be noted that by itself, https://smoothsearch.online cannot provide any search results at all,...

Posted on September 29, 2020 in Potentially Unwanted Programs


Tiktok-labs.com is an advertising website that delivers various dubious advertisements to any visitors who land on it. It should be noted that in almost zero cases, users land on websites such as Tiktok-labs.com willingly. Instead, they are driven there by either a previously visited website or by having an adware application present on their devices. The advertisements generated by Tiktok-labs.com could be for various barely useful Chrome extensions, suspicious software updates, adult websites, shady online games or casino websites. Users who see the advertisements by Tiktok-labs.com should try to contain the urge to click on any of them. If the redirects persist, it is recommended to scan the device with a reputable anti-malware program for any potential adware applications that might be lurking on it. These applications often rely...

Posted on September 29, 2020 in Browser Hijackers

'I have some bad news for you' Email Scam

No matter how it might seem at first glance, the email that starts with 'I have some bad news for you' is nothing more than a blatant attempt to scare users into sending money to the people behind the tactic. Not a single one of the claims made in the email are true, and, as such, the entire email shouldn't be taken seriously. Instead, it should be ignored and disregarded completely. The fraudsters state that they have injected the targeted user's computer with a Trojan threat that has allowed them to collect various contact lists and data. They also claim that by taking control of the camera and microphone, they have been able to obtain an explicit video of the user visiting adult websites. If the sum of $1500 in Bitcoin is not sent to the provided wallet address, the con artists threaten to release the video to all of the victim's...

Posted on September 29, 2020 in Adware


Meetclick.biz is an unsafe website that promotes a browser-based tactic. Usually, users do not open sites similar to Meetclick.biz willingly. Instead, they are being redirected by other suspicious websites, by clicking on shady advertisements, or by having adware or Potentially Unwanted Programs (PUPs) installed on their devices. No matter why people get to land on Meetclick.biz, they will be subjected to various fake alert or error messages. The specific text of the fake messages may vary, but they all rely on social-engineering tricks to convince unsuspecting users into clicking the 'Allow' button. This is the crux of the tactic, as once the users fall the trap and click the button, Meetclick.biz will receive the necessary browser permission to start delivering third-party advertisements to the screen of the device directly. Closing...

Posted on September 29, 2020 in Browser Hijackers

JB88 Ransomware

The infosec experts who first detected the JB88 Ransomware determined that it is not an entirely new ransomware threat. Instead, it can be categorized as being part of the Matrix Ransomware family. Being based on a previously released malware doesn't diminish the JB88 Ransomware's potency in the slightest, though. Suppose the JB88 Ransomware manages to infiltrate a computer successfully. In that case, it will proceed to encrypt the stored files by using a combination of two strong encryption algorithms - AES-256 and RSA-2048, to ensure that the locked files cannot be restored by brute-forcing the decryption key. The JB88 Ransomware follows a complex pattern for the names it assigns to every encrypted file. First, it appends an email address that belongs to the hackers - Jonbrown88@criptext.com, in this case, then a random string that...

Posted on September 29, 2020 in Ransomware
1 2 3 4 5 6 7 8 9 10 11 1,508