Malware Remediation Utility

  • Detect & remove the latest malware threats.
  • Malware detection & removal definitions are updated regularly.
  • Technical support & custom fixes for hard-to-kill malware.
* Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Top Security News

Cybercriminals Are Still Taking Advantage of Covid-19 with Increased Attacks Microsoft unveiled its Asia Pacific findings from its latest Security Endpoint Threat Report for 2019, which shared that cybercriminals are making 60,000 COVID-19 themed phishing attempts daily....
Cybercriminals Sticking to Coronavirus and Financial Themes for Phishing Scams Summer is at its peak, and the online scammers are still doing whatever they can to take advantage of the uncertainty caused by the pandemic. Cyber-attacks are targeting businesses and consumers in...
Emotet Malware Uses US Election Campaign as Bait The notorious malware distribution vehicle Emotet has been back in business for a little over two months following a long break earlier this year. The subject line of one of the latest waves of...

Top Articles

WebDiscover Browser

WebDiscover Browser screenshot

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

STOP Ransomware

STOP Ransomware screenshot

PC security researchers received reports of ransomware attacks involving a threat known as the STOP Ransomware on February 21, 2018. The STOP Ransomware is based on an open source ransomware platform and carries out a typical version of an encryption ransomware attack. The STOP Ransomware is distributed using spam email messages containing corrupted file attachments. These file attachments take the form of DOCX files with embedded macro scripts that download and install the STOP Ransomware onto the victim's computer. Learning how to recognize phishing emails and avoiding to download any unsolicited file attachments received is one of the ways to avoid these attacks. How to Recognize a...

Posted on February 26, 2018 in Ransomware

How to Fix Mac Error Code 43 When Copying Files

How to Fix Mac Error Code 43 When Copying Files screenshot

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security


Newsbreak.com screenshot

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks. Spams Users with a Constant Flow of Advertisements Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked to allow browser notifications thinking that they will be alerted for the latest breaking news. However, this is not the case,...

Posted on February 3, 2020 in Browser Hijackers

APT Attack Spreads Malware Using Coronavirus Theme

APT Attack Spreads Malware Using Coronavirus Theme screenshot

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

.HOW Ransomware

.HOW Ransomware screenshot

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.  Propagation and Encryption To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Posted on June 29, 2020 in Ransomware

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security

Search Baron

Search Baron is a potentially unwanted browser hijacker masked as a search engine application. The latter supposedly aims to turn web surfing on OSX-based Mac devices into a more satisfying experience. Yet, its bad habit of landing on the device without its user's knowledge raises suspicions about its end purpose. While the tool does not necessarily fall under any severe malware category, you may bet that it would in no way improve your browsing experience, either. Instead, Search Baron's primary goal is to promote its search services, often more aggressively than usual. A Bing search engine with a Twist The Search Baron page appears to be powered by Microsoft’s popular Bing search engine. However, the search results you would get from a regular Bing search query may come with sponsored links of suspicious quality mingled in between....

Posted on August 23, 2019 in Browser Hijackers, Mac Malware

Search Marquis

Search Marquis screenshot

Search Marquis is a Mac utility that disguises itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a malicious browser extension that aims to alter the browser's setting without the user’s knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) that sneaks stealthily into Mac computers is to generate revenues for its operators by popularizing the search engine Bing.com on Mac Safari browser. This happens through a number of intermediate redirects through various dubious domains. Once installed on a Mac computer, this browser hijacking tool starts to modify crucial changes on the user's...

Posted on June 9, 2020 in Browser Hijackers, Mac Malware

More Articles


Bestbettin.xyz is home to a spin-off of the popular 'Please press Allow to Continue' tactic. The people behind websites like this one want to trick users into clicking a button that would command their Web browser to enable the notifications of an intrusive website. Bestbettin.xyz is just the same, but there is one major change – it uses a new variant of the tactic, which lies to users by telling them they have won a new iPhone X. However, claiming the prize is mandatory, and it can be done by pressing 'Allow.' As you can probably conjecture, doing this will not help you fetch an iPhone X and, instead, it will enable Bestbettin.xyz's notifications. If this change is allowed to happen, Bestbettin.xyz may gain the ability to flood your Web browser with intrusive notifications whose contents are not always trustworthy. The websites...

Posted on October 29, 2020 in Browser Hijackers


ConverterSearchPlus is a misleading file conversion add-on for popular Web browsers. Users might be tempted to install it because it promises to grant them the ability to convert various file formats with ease. However, ConverterSearchPlus's installation brings other changes too – it replaces the user's default search engine with Feed.convertersearchplus.com, while the new tab page will be Portal.converteersearchplus.com. These search pages are not harmful, and their search features do work – however, they may prioritize ads and sponsored results, and this is something users do not enjoy, undoubtedly. ConverterSearchPlus is considered a Potentially Unwanted Program (PUP), and users of reputable PC security tools will not be bothered by it. However, if your system is not protected sufficiently, there might be nothing to inform you about...

Posted on October 29, 2020 in Potentially Unwanted Programs


Thestablegreatbestupdate.best is not a website hosting stable and significant updates, certainly. Instead, it may be operated by online con artists and cybercriminals who use it to spread Potentially Unwanted Programs (PUPs), adware, and even malware by disguising them as update packages for popular software like Adobe Flash Player. You should never download updates from random, unknown websites, especially if they showed up in your Web browser because of online advertisements. The Thestablegreatbestupdate.best pop-ups usually promote a fake Adobe Flash Player update, and you are likely to encounter the pop-ups while browsing torrent trackers or websites linked to the propagation of pirated content. The Thestablegreatbestupdate.best pop-ups are fake and misleading, and you should not interact with the files they promote. Avoiding all...

Posted on October 29, 2020 in Browser Hijackers


ZipConvertAce is an intrusive browser add-on that anti-virus products detect as a Potentially Unwanted Program (PUP.) It is essential to add that software of this type is not harmful or threatening in any way – having it on your computer is not a reason to worry about your online safety. However, ZipConvertAce can be annoying because of its ability to manipulate your Web browser's configuration without your authorization. ZipConvertAce uses this ability to replace the default new tab page and search engine you use. Instead of your favorite sites, ZipConvertAce will redirect you to 3rd-party search engines with questionable behavior and reputation. The ZipConvertAce PUP is likely to be promoted as a useful archive management tool. Still, you can rest assured that its features are not worth it considering the unwanted changes it brings....

Posted on October 29, 2020 in Potentially Unwanted Programs

H@RM@ Ransomware

Protecting your computer from file-encryption Trojans is strongly recommended because of a large number of malware of this type circulating online. These threats need just a few minutes to cause potentially irreversible damage to your files, and even removing them will not help you recover fully. The H@RM@ Ransomware, in particular, is a newly spotted file-locker that seems to use a flawless file-encryption routine. It is not compatible with free decryptors, and its victims may only have one data recovery option ahead of them – restoring the lost files from a backup. When the H@RM@ Ransomware encrypts a file, it adds the extension '.<VICTIM ID>.[recoverydata98@protonmail.com].H@RM@.' Victims of the H@RM@ Ransomware are likely to see this extension added to the end of their documents, images, videos, archives, databases, and all...

Posted on October 29, 2020 in Ransomware

Carbon Backdoor

The Carbon Backdoor is a piece of malware developed by the Turla hacking group privately. This cybercrime organization is one of the most famous names in the malware research field, and their attacks have been troubling companies and organizations in various industries. The Carbon Backdoor, in particular, is often used as a secondary payload. The criminals usually rely on spear-phishing emails to reach their victims, and they often use trending topics to give their messages more credibility. In other cases, the Carbon Backdoor was delivered to victims via the so-called 'watering hole attack' – this strategy works by compromising a website, which the target uses, and then using it to deliver a threatening payload. The primary purpose of the Carbon Backdoor appears to be data theft. However, researchers note that the Trojan configuration...

Posted on October 29, 2020 in Backdoors

HyperStack Backdoor

The HyperStack Backdoor is a threat whose attacks were first observed in 2018. The development and usage of the HyperStack Backdoor are attributed to the Turla APT, a hacking organization believed to be operating from Russia. Turla's name is associated with a large number of attacks against high-profile targets, and the HyperStack Backdoor is just one of the many hacking tools in their kit. The group reuses old malware regularly, and they also make sure to introduce regular updates to their old payloads. For example, the HyperStack Backdoor has undergone several updates, and feature reworks since it was first observed in 2018. The HyperStack Backdoor is controlled by abusing the Remote Procedure Call (RPC) Windows service. In addition to this, an active HyperStack implant can try to connect to the IPC$ shares of other devices on the...

Posted on October 29, 2020 in Backdoors


FlickerStealer is a malware threat classified as an info-stealer. FlickerStealer's primary goal is to extract potentially valuable data from the users of infected devices. FlickerStealer affects Windows computers, whereby targeted versions are between Windows XP through Windows 10. This unsafe tool can be distributed through many different channels, so the actors who purchase it on the Dark Web can determine the way of proliferation. According to its creators, FlickerStealer can collect information from many applications like Steam, Mozilla Thunderbird and several messaging platforms (Discord and Pidgin). Yet, Internet browsers are mostly preferred. The list of included browsers is long, and it has the most popular ones on the market – Chrome, Mozilla, Opera, Internet Explorer/Microsoft Edge and Chromium. The extracted information is...

Posted on October 29, 2020 in Trojans


The Undertain.work pop-ups are potentially unsafe messages that trick users into subscribing to browser notifications from an empty website. The purpose of the Undertain.work pop-ups is to deliver third-party advertising content straight to its subscribers' computers or smartphones. It achieves that goal through a common misleading social engineering tactic that many Internet users still fail to recognize. When people visit this rogue website, it shows a black screen and an alert with the following text: 'Undertain.work wants to Show notifications Click Allow to confirm that you are not a robot!' It is a mock test that is supposed to confirm that the user is not a robot; however, the only consequence of clicking on the 'Allow' button is that Undertain.work receives the necessary permits to display advertisements on the user's screen....

Posted on October 29, 2020 in Browser Hijackers

Scammers Attack Trump Campaign Website

Scammers Attack Trump Campaign Website screenshot

Unknown perpetrators attacked and defaced Donal Trump’s presidential election campaign website on Tuesday. The attackers briefly took over control of DonaldJTrump.com and defaced the "Events" and "About" pages. The affected pages displayed a message from the cybercriminals for approximately 30 minutes after which the whole website was temporarily shut down. In another 30 minutes the website was back up and running. The hackers claimed they had "seized" the website and they had gained access to multiple devices and "strictly classified information." The perpetrators’ message went on to say that the alleged information completely discredited President Trump. Supposedly, they had evidence...

Posted on October 29, 2020 in Computer Security


Trustcontent.monster is a fraudulent website dedicated to conducting a browser-based scheme. By employing deceptive tactics to trick unsuspecting users into subscribing to its push-notification services, the website can start delivering unsolicited advertisements and generating revenue for its creators. Trustcontent.monster is just one of a myriad of similar misleading websites. When visitors land on it, Trustcontent.monster will show them several fake alerts or error messages trying to convince the users to click the 'Allow' button. Furthermore, an image of a video that is buffering currently will be displayed. The implication is that something is preventing the video from running smoothly and the users must click 'Allow'to view it. As we said, however, following the instructions and clicking the button will have an entirely different...

Posted on October 28, 2020 in Browser Hijackers


Fuer.pro is another addition to the countless, mostly empty websites that are designed with a single goal in mind - to generate revenue for their creators by propagating a browser-based tactic. Users are tricked into subscribing to these websites' push-notification services, and, as a result, they will be subjected to unwanted advertisements being delivered to the screen of their devices directly. After landing on Fuer.pro, visitors will be shown several fake alerts or error messages. The website also may pretend to be conducting a bot captcha check. Another popular tactic is for Fuer.pro to display the image of a video that is buffering currently. It then states that users must click on the 'Allow' button to watch the entire video. However, the truth is that clicking 'Allow' will grant Fuer.pro the necessary browser permissions to...

Posted on October 28, 2020 in Browser Hijackers


Liveplayingnow.com is a suspicious website that, despite what its name may imply, has only one function - to propagate a browser-based tactic. The end goal is to start delivering various unsolicited advertisements to the user's device generating monetary gains for the creators of the site in the process. To achieve this, Liveplayingnow.com must trick any unsuspecting visitor to grant it the permissions required for the delivery of advertisements through push-notifications. The site displays fake alerts or error messages that try to convince the user to click the 'Allow' button no matter what the specified text is. Other social engineering tactics also are employed. For example, Liveplayingnow.com displays a message that pretends to be conducting an age verification check prominently, with the implication that the user can then proceed...

Posted on October 28, 2020 in Browser Hijackers


Search.searchworm.com is a fake search engine being promoted by browser-hijacker applications that affect Windows and Mac users. The goal is to generate artificial traffic towards the specific address. To achieve this, search.searchworm.com has been detected to be promoted by variants of the notorious Trovi browser hijacker, as well as an application called New Tab Theme Buddy. Most often than not, these applications are not installed willingly by the users, and instead, they rely on deceptive marketing tactics. That is why they can be classified as Potentially Unwanted Programs (PUPs). When a browser hijacker is installed onto the user's computer, it will take over certain browser settings. The homepage, new page tab, and the default search engine will be modified to open the search.searchworm.com address. Then, if the user simply...

Posted on October 28, 2020 in Browser Hijackers

Xdddd Ransomware

The Xdddd Ransomware is a malware threat. The Xdddd Ransomware goal is the same as all the other threats of this type - to lock the users' files with an uncrackable encryption algorithm and then extort the victims for the potential restoration of the data. The Xdddd Ransomware is based on the previously detected Paradise Ransowmare. When the Xdddd Ransomware begins its encryption algorithm, it will change every affected file's original filename. The threat follows a complex algorithm - it appends the unique ID for the specific victim, followed by the hackers' email, and finally '.xdddd' as a new extension. The email address used to contact the hackers behind this particular ransomware is 'asdasda@hotmail.com.' The customary instructions for the victims are delivered as files named '#DECRYPT MY FILES#.html' that are dropped in every...

Posted on October 28, 2020 in Ransomware
1 2 3 4 5 6 7 8 9 10 11 1,522