
Top Security News

Beware: Cybercriminals Leveraging Coronavirus to Exploit Computer Users and Spread Malware

It hasn't taken a lot of time for threat actors to realize the social engineering opportunity that the novel coronavirus (2019-nCoV) has presented them. The respiratory infection that originated in...

Infections Abound as Computer Malware Exploiting COVID-19 Coronavirus Spreads Rapidly Adding to Worldwide Hysteria

There's no doubt that the Coronavirus has created a worldwide hysteria and pandemic from having a negative impact on many economies to pressing government officials to hold conferences addressing...

Hackers Exploiting Coronavirus Fears To Push Malware

As the Covid-19 pandemic goes into full swing, we see increasing numbers of hackers and nation-state actors trying to exploit the global fears for their own gains, spreading malicious software...

Top Articles

WebDiscover Browser

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

How to Fix Mac Error Code 43 When Copying Files

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security

Shlayer Trojan

The Shlayer Trojan is a cyber-threat aimed at Mac users who might be interested in trying out application stores other than the official App Store by Apple. The Shlayer Trojan might be promoted to the users as an independent application delivery platform that offers discounts on premium software. The Shlayer platform has been reported to deliver harmful programs, unwanted browser extensions and unrequested Internet settings modifications, to promote questionable shopping helpers and to distribute supposedly free premium applications. The Shlayer Trojan was recognized by computer security researchers in January 2019, when users started reporting fake Adobe Flash updates to Web browser vendors....

Posted on February 15, 2019 in Mac Malware, Trojans

CoronaVirus Ransomware

The CoronaVirus Ransomware (also called CoronaVi2022 Ransomware) is a file-locker, which was released in the wild recently, and it seems that its author has opted to use the name of the Coronavirus (also known as COVID-19), which is a disease that is threatening users worldwide. Just like the disease it is named after, the CoronaVirus Ransomware also threatens users worldwide, but in a different way – it will try to encrypt their files, and also overwrite the contents of their drive's Master Boot Record (MBR). The latter operation may cause a lot of trouble, since the victims' computers will not load their operating system and, instead, they will display a copy of the CoronaVirus...

Posted on March 12, 2020 in Ransomware

Hackers Spreading Malware via Coronavirus Maps Online

The ongoing outbreak of the coronavirus is now disrupting business across the world, but apparently cybercriminals have no days off, since they're just as active as they were before the beginning of the outbreak. It appears they are now capitalizing on people's fears regarding the pandemic. It was back in January that the hackers started using the coronavirus threat as the focus of an email campaign that infected users with malware, and now they are expanding their operations to coronavirus outbreak maps that follow the number of infections and deaths across the world. Many organizations are feeling the pressure from these attacks, such as Johns Hopkins University, which created...

Posted on March 11, 2020 in Computer Security

APT Attack Spreads Malware Using Coronavirus Theme

An APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly contain detailed information about COVID-19, a.k.a. Coronavirus, but instead infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are opened, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

Win32 malware.gen

Win32 Malware.gen is a so-called generic threat - a suspicious file fetched by an anti-virus scan that appears to be malicious but does not match any of the definitions of known malware threats contained in the anti-virus software's database. Therefore, an alert from an anti-malware program for a Win32 Malware.gen detection indicates that there is a 32-bit file on a Windows operating system that should be flagged for further inspection. An infection generally described as Win32 Malware.gen is thus a heuristic detection designed to indicate the presence of some kind of a yet undetermined Trojan horse for Windows PCs. It is also possible that files reported as a Win32 Malware.gen infection...

Posted on July 5, 2010 in Trojans

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. As we have said many times before in recent articles, the days of robbing banks in person are gone, and now it all takes place behind the screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or everyday life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet is aware of cybercrime and the consequences that they may face if they succumb to a cybercriminal's trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security


AntiMalware

A typical deceptive campaign is disguising harmful threats as legitimate security programs in order to steal money from inexperienced victims. AntiMalware is a particularly short-named version of this campaign, with clones with names such as Active Security and Total Security. AntiMalware uses an interface that is very similar to the Windows Defender and legitimate Microsoft security programs, to make the victim believe that AntiMalware is a legitimate anti-malware application. Observing AntiMalware's design, you will quickly spot authentic-looking Windows and Microsoft Security Essentials logos as well as a layout that may seem familiar to most users of legitimate Microsoft Security...

Posted on November 9, 2009 in Rogue Anti-Spyware Program

More Articles


USBCulprit is a threat that has been spotted recently by malware experts. However, evidence suggests that the USBCulprit malware may have been active since 2014. It would appear that the USBCulprit threat is the creation of a hacking group referred to as Cycldek. The group is also known under the aliases Hellsing, Conimes, and Goblin Panda. Most of the targets of the Cycldek group are high-ranking politicians. The Cycldek hacking group has been going after targets located in South East Asia recently. The Cycldek hackers are known to use a wide variety of tools – infostealers, RATs (Remote Access Trojans), backdoors, etc. However, the most notable hacking tool in the arsenal of the Cycldek group is the USBCulprit threat. The USBCulprit threat is a complex piece of malware designed to target air-gapped systems. Systems that are...

Posted on June 4, 2020 in Malware


The Cycldek APT (Advanced Persistent Threat) was first spotted by malware analysts in 2018. However, after studying the campaigns carried out by the Cycldek group, it became evident that the APT has likely been active since 2014. Most of the campaigns of the Cycldek group are carried out in South East Asia. The hacking group tends to go after high-profile politicians and important government bodies. The Cycldek hacking group has a wide variety of hacking tools at its disposal. This APT uses both hacking tools and legitimate software in its campaigns. The latter technique is referred to as using living-off-the-land tools. In one of its latest operations, the Cycldek group revealed a very impressive piece of malware called USBCulprit. This high-end hacking tool is designed to infiltrate air-gapped systems and steal classified information...

Posted on June 4, 2020 in Advanced Persistent Threat (APT)

BlueCore RAT

The BlueCore RAT (Remote Access Trojan) is a hacking tool that belongs to the arsenal of the Cycldek hacking group. The Cycldek APT (Advanced Persistent Threat) is likely to originate from China and tends to go after political institutions and high-ranking politicians in South East Asia. Most of the targets of the Cycldek group’s latest campaigns are located in Laos, Vietnam and Thailand. The BlueCore RAT has been utilized against targets located in Vietnam, mainly. However, cybersecurity researchers have spotted the BlueCore RAT present on compromised systems located in Thailand and Laos. The Cycldek APT appears to have used the BlueCore RAT in combination with another one of their custom-built hacking tools, dubbed RedCore RAT. This is likely done by mistake, as it is unlikely that the Cycldek group intended to use both hacking tools...

Posted on June 4, 2020 in Remote Administration Tools

RedCore RAT

The RedCore RAT (Remote Access Trojan) is a custom-built hacking tool that was developed by the Cycldek group. This group of cybercriminals is likely to originate from China. Recently, the Cycldek hacking group has concentrated its efforts in the South East Asian region, namely Thailand, Vietnam and Laos. The Cycldek APT (Advanced Persistent Threat) is known to target foreign government bodies, as well as significant politicians. The RedCore RAT is based on one of the most significant custom-built tools by the Cycldek APT – the NewCore RAT. This hacking group used the NewCore RAT to create another new tool, apart from the RedCore RAT, which has been dubbed BlueCore RAT. The capabilities of the BlueCore RAT are rather limited compared to those of the RedCore RAT. When the RedCore RAT compromises a targeted computer, it will be capable...

Posted on June 4, 2020 in Remote Administration Tools


The HDoor hacking tool is a threat, which likely originates from China and has been around for quite a while. Despite this, the HDoor tool is used to this day. One of the latest high-profile APTs (Advanced Persistent Threats) using the HDoor malware is the Cycldek hacking group. The Cycldek APT is operating from China and tends to go after high-profile targets in the South East Asian region. The Cycldek hacking group uses a lighter version of the HDoor, instead of the original variant of the threat. The version of the HDoor threat used by the Cycldek hacking group is designed to look for available ports. This piece of malware also is capable of transferring data between local network hosts, which are offline. The full-fledged variant of the HDoor malware has more features, including the ability to disable anti-malware applications that...

Posted on June 4, 2020 in Backdoors


The JsonCookies malware is a publicly available hacking tool that has been utilized by the Chinese hacking group Cycldek recently. The Cycldek APT (Advanced Persistent Threat) originates from China and uses both custom-made malware and publicly available hacking tools like the JsonCookies threat. The JsonCookies malware is a rather simple hacking tool. Despite its simplicity, the JsonCookies tool can serve a key role in hacking campaigns. This hacking tool collects cookies from Chromium-based Web browsers via SQLite databases. Instead of looking for specific cookies, the JsonCookies tool would misappropriate the entire database, including the cookie name, the ID, the cookie value and the domain name corresponding to the values. The collected information is aggregated in a file named ‘FuckCookies.txt.’ The file in question would be transferred to the...

Posted on June 4, 2020 in Malware


The ChromePass tool is a legitimate, publicly available service that is created to aid users in recovering their passwords from Chromium-based Web browsers, like Google Chrome. However, evil actors spotted the golden opportunity and weaponized the ChromePass tool quickly. The ChromePass tool is used both by low-level crooks and high-tier APTs (Advanced Persistent Threats) like the Cycldek hacking group. The Cycldek APT is known to have launched attacks against various government bodies and influential politicians with the help of the ChromePass tool. Most of the ChromePass attacks carried out by the Cycldek hacking group have been concentrated in the South East Asian region. The ChromePass utility aggregates the collected data in an HTML file on the infected system. Since the ChromePass tool alone is not able to siphon the collected...

Posted on June 4, 2020 in Malware

Sharp Increase in Malicious Banking Software Shows Need for Increased Security

A sharp increase in the volume of malicious software aimed at stealing money and banking credentials from affected user accounts was observed, according to computer security researchers from Kaspersky. The security company noticed the trend in Q1 2020, with 42,115 files of this kind being found. This was two and a half times more than in Q4 2019. Attempts to steal that kind of information through mobile banking are a known and established threat in the cyber community. They're used to steal funds right from the bank accounts of affected victims. Malicious programs of that kind are often made to imitate legitimate financial apps, but when the victim attempts to access the genuine...

Posted on June 4, 2020 in Computer Security

Mongo Search

The Mongo Search is a Web browser extension, which will not offer its users any helpful utilities or enhance their browsing quality by any means. The Mongo Search add-on has been listed as a PUP (Potentially Unwanted Program) by malware experts. This is because as soon as you install the Mongo Search extension, the add-on will alter the settings of your system. Changing the settings of a user's system without their consent is something a genuine Web browser extension will never partake in. The goal of the Mongo Search add-on is to set up the Browser.mongosearch.net website as your default new tab page. By doing this, the Mongo Search extension would boost the traffic of the affiliated website. This site hosts a basic search engine, which pales in comparison to services like Google, Yahoo and Bing. If you are redirected to the...

Posted on June 3, 2020 in Potentially Unwanted Programs


The Guesstimateds.com Web page hosts a common online tactic whose goal is to trick visitors into believing that they have won a high-value prize. Usually, fake sites like the Guesstimateds.com page claim that the users have won the latest model iPhone or Samsung mobile phones as they are certain to attract the attention of the users. To claim the expensive prize offered, the user will be required to complete a survey. To pressure the user further, the Guesstimateds.com site will spawn a timer that counts down two minutes. According to the website, the visitors only have two minutes to complete the survey and claim their prizes. Users are warned that unless they complete the survey within two minutes, they will not be able to claim the valuable prize. In some cases, users may even be required to send a costly text message to confirm...

Posted on June 3, 2020 in Browser Hijackers

'Transaction Received' Email Scam

There is a new online tactic that targets users who use cryptocurrencies – the 'Transactions Received' email scam. This online con is also known as 'Transactions received into blockchain wallet' email scam. The 'Transactions Received' email scam claims that the recipient's cryptocurrency wallet has been topped up with 0.55 BTC, which is about $5,200. It is understandable why such a sum would attract the attention of users and why they may want to investigate more. To make the scheme believable, the 'Transactions Received' email carries the logo of Blockchain.com. Furthermore, the fraudulent email also contains links to the official Blockchain.com applications for iPhone and Android. The recipient of the fake email will be required to click on a link, which is meant to confirm the transaction and help them claim the money. However, if...

Posted on June 3, 2020 in Adware

Dupzom Trojan

The Dupzom Trojan is a threat that was first spotted over a decade ago, back in 2019. The goal of the Dupzom Trojan is to serve as an initial payload, which will then help the attackers plant more threats in the infiltrated system. There have been several key updates released in the 10 years that the Dupzom Trojan has been active. One of the most recent significant updates was released in 2015. When the Dupzom Trojan infiltrates a targeted computer, it may not proceed with planting additional malware immediately. It is likely that the Dupzom Trojan will silently operate in the background for a while before taking the next step. The Dupzom Trojan will gain persistence on the compromised computer via a new Registry key. The Registry key in question would make sure that the Dupzom Trojan is up and running every time the users restart...

Posted on June 3, 2020 in Trojans

'UBS Investment' Email Scam

The 'UBS Investment' email scam is yet another online con that targets naïve users. There are countless email tactics that mislead users into believing that they can become millionaires in just a few minutes. In the case of the 'UBS Investment' email scam, the targeted users will receive an email that would appear to offer them 15 million in GBP (Great British Pounds). The fraudulent message appears to originate from an employee from the UBS Investment Bank. The message states that the sender has stumbled upon a bank account loaded with 15 million GBP, which belongs to a client of the bank who has passed away and does not have a family to inherit the fortune. The fraudsters claim to offer the targeted user 40% of the sum, as it should be split between them and the bank employee who is carrying out the complex operation. However, to...

Posted on June 3, 2020 in Adware


The Espectorsuhar.club page is an empty website, which does not offer its visitors any worthwhile content. The goal of this site is to hijack the Web browser notifications of its users. The administrators of the Espectorsuhar.club website are running a low-tier online tactic known as 'Please Click Allow to Continue.' This is a very popular con utilized by numerous shady websites online. When you try to open the Espectorsuhar.club site and view its content, you will see a fake CAPTCHA test. The bogus CAPTCHA test requires the users to click on the 'Allow' button on their screens to corroborate that they are not a robot. However, doing so permits the Espectorsuhar.club site to display notifications via the user's Web browser. Sites like the Espectorsuhar.club page use this permission to spam users with unwanted advertisements. It is...

Posted on June 3, 2020 in Browser Hijackers


The Twithoughodi.club site is a bogus Web page that hosts a popular tactic often referred to as 'Please Click Allow to Continue.' There are countless con-artists who utilize this common low-level online scheme to generate revenue via advertisements. Pages like the Twithoughodi.club site often claim to contain interesting articles or exciting videos. Unfortunately, nothing could be further from the truth, as this site is not hosting any content of value. When you try to view the content promised by the Twithoughodi.club site, you will be greeted by a prompt that asks you to click 'Allow.' If you comply, you will permit the Twithoughodi.club site to send you notifications via your Web browser. This will inevitably result in constant ad-spam that will not be halted even if you close your Web browser. The advertisements promoted by the...

Posted on June 3, 2020 in Browser Hijackers