Malware Remediation Utility

  • Detect & remove the latest malware threats.
  • Malware detection & removal definitions are updated regularly.
  • Technical support & custom fixes for hard-to-kill malware.
* Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Top Security News

Cybercriminals Are Still Taking Advantage of Covid-19 with Increased Attacks Microsoft unveiled its Asia Pacific findings from its latest Security Endpoint Threat Report for 2019, which shared that cybercriminals are making 60,000 COVID-19 themed phishing attempts daily....
Cybercriminals Sticking to Coronavirus and Financial Themes for Phishing Scams Summer is at its peak, and the online scammers are still doing whatever they can to take advantage of the uncertainty caused by the pandemic. Cyber-attacks are targeting businesses and consumers in...
Emotet Malware Uses US Election Campaign as Bait The notorious malware distribution vehicle Emotet has been back in business for a little over two months following a long break earlier this year. The subject line of one of the latest waves of...

Top Articles

WebDiscover Browser

WebDiscover Browser screenshot

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

STOP Ransomware

STOP Ransomware screenshot

PC security researchers received reports of ransomware attacks involving a threat known as the STOP Ransomware on February 21, 2018. The STOP Ransomware is based on an open source ransomware platform and carries out a typical version of an encryption ransomware attack. The STOP Ransomware is distributed using spam email messages containing corrupted file attachments. These file attachments take the form of DOCX files with embedded macro scripts that download and install the STOP Ransomware onto the victim's computer. Learning how to recognize phishing emails and avoiding to download any unsolicited file attachments received is one of the ways to avoid these attacks. How to Recognize a...

Posted on February 26, 2018 in Ransomware

How to Fix Mac Error Code 43 When Copying Files

How to Fix Mac Error Code 43 When Copying Files screenshot

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security


Newsbreak.com screenshot

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks. Spams Users with a Constant Flow of Advertisements Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked to allow browser notifications thinking that they will be alerted for the latest breaking news. However, this is not the case,...

Posted on February 3, 2020 in Browser Hijackers

APT Attack Spreads Malware Using Coronavirus Theme

APT Attack Spreads Malware Using Coronavirus Theme screenshot

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

.HOW Ransomware

.HOW Ransomware screenshot

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.  Propagation and Encryption To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Posted on June 29, 2020 in Ransomware

Zeus Trojan

Zeus Trojan screenshot

The Zeus Trojan is the most widespread and common banking Trojan today. There are countless variants of the Zeus Trojan, also known as Zbot and Zitmo. There are regional variants that target computers in specific areas of the world as well as mobile-specific variants designed to attack mobile operating systems such as Android or BlackBerry platforms. In all cases, the Zeus Trojan is used to steal banking information. This dangerous malware infection can be used to steal account names and numbers, banking account passwords, and credit card numbers. The Zeus Trojan can also be utilized to capture particular information that can then be used to steal a victim's identity. ESG security...

Posted on March 27, 2006 in Trojans

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security

Search Marquis

Search Marquis screenshot

Search Marquis is a Mac utility that disguises itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a shady browser extension that aims to alter the browser's setting without the user’s knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) is to sneak stealthily into Mac computers and generate revenue for its operators. This happens through a number of intermediate redirects through various dubious domains before displaying Bing.com results. Once installed on a Mac computer, this browser hijacking tool starts to modify options in the user's browser. It sets http://www.searchmarquis.com as...

Posted on June 9, 2020 in Browser Hijackers, Mac Malware

More Articles


Atoridenc.top belongs to the ever-growing number of mostly empty websites that are designed to probate a browser-based tactic. Users who land on Atoridenc.top, or any of the other virtually identical websites, are shown various fake alerts or error messages. These alerts' text may vary, but their goal is always the same - to convince the user to click the 'Allow' button. Doing so will allow the websites to start delivering unsolicited advertisements to the affected device generating revenue for their creators in the process. In the case of Atoridenc.top, visitors can be shown one of several possible schemes. The site can pretend to be conducting a captcha check for bots by displaying the 'Click Allow to confirm you are not a robot.' message prominently. Other deceitful messages produced by the site may include: 'Atoridenc.top wants to...

Posted on November 27, 2020 in Browser Hijackers


Odrivicdriv.top is a fraudulent website propagating a popular browser-based tactic. Visitors who land on it are shown various fake alerts or error messages that all are socially-engineered to try and trick them into clicking the 'Allow' button. The consequences of following the instructions and clicking the button will be a stream of unsolicited advertisements being generated by the tactic website directly to the affected device's screen. Odrivicdriv.top is far from being a unique occurrence. In fact, it is the exact opposite as countless virtually identical sites all dedicated to the propagation of this tactic are being brought into existence almost daily. The specific tactic employed by Odrivicdriv.top is to show its visitors a progress bar that is accompanied by the following message: 'Please tap the Allow button to continue' While...

Posted on November 27, 2020 in Browser Hijackers


Flip-search.com is a fake search engine's address. Usually, such fake engines are promoted by numerous browser-hijacker applications designed to control the user's Web browser and, more specifically, the homepage, new page tab, and the default search engine. These settings will be modified to open the promoted fake search engine, and every time they are opened, it would generate artificial traffic towards the address. Another common functionality observed in browser hijackers is their ability to harvest various system data. In most cases, the collected information includes browser and search history, clicked URLs, geolocation, IP address, and Internet provider, but some applications try to dig far deeper and actually attempt to access credit or debit card details. Flip-search.com is classified as a fake search engine due to its...

Posted on November 27, 2020 in Mac Malware

Adr Ransomware

The Adr Ransomware behaves as a typical ransomware threat, but, so far, infosec researchers have not placed it as part of any pre-existing malware family, which makes it a unique threat. When the Adr Ransomware infiltrates a computer, it leverages a strong encryption algorithm to encrypt the files stored there. Affected users will realize that they no longer access their personal or business files leading to potentially severe consequences. This particular ransomware threat changes the names of the files it encrypts drastically. In fact, it substitutes them entirely with a random string of characters that also varies in length, followed by '.adr' as a new extension. The Adr Ransomware's ransom note is then dropped in the 'C:\Users\[Username]' folder as a text file named 'DesktopDECRYPT_ME.TXT.' The instructions left by the...

Posted on November 27, 2020 in Ransomware

CoderWare Ransomware

The CoderWare Ransomware is a potent malware threat that aims to extort money from its victims after locking up their computer files with uncrackable encryption. So far, CoderWare has not been classified as part of any of the already established ransomware families, and as a result, it can be considered as a unique crypto locker threat. When CoderWare encrypts a file, it appends '.DEMON' as a new extension to the file's original name. The threat then delivers a ransom note with instructions from the hackers both as text files and displayed in a pop-up window. The text files are named 'README.txt' and will be dropped in every folder that contains the encrypted data. The text from the pop-up window and in the text files is identical. According to the note, the cybercriminals responsible for unleashing the CoderWare Ransomware want to be...

Posted on November 27, 2020 in Ransomware

Firestarter Trojan

The Firestarter Trojan is a new Android loader malware that abuses the legitimate Firebase Cloud Messaging (FCM) service to communicate with its Command-and-Control (C2, C&C) infrastructure. Firebase is a subsidiary of the tech giant Google, and their FCM service is a cross-platform cloud tool for messages and notifications for Android, iOS, and other Web applications. The Firestarter Trojan was detected as part of the operations of the advanced persistent threat group called DoNot. The malware threat showcases DoNot's efforts to bolster the persistence of their footholds established on the compromised devices. It also demonstrates the hackers' ability to adopt new techniques and implement them into their malware tools quickly. DoNot's primary focus has remained on the South Asia region and, more specifically, India and Pakistan...

Posted on November 27, 2020 in Trojans


Hyperlinksearch.net is a browser hijacker designed to promote the fake search engine Hyperlink Search. To achieve their goal and have a broad reach, threat actors have made this Potentially Unwanted Application (PUA) capable of affecting all popular browsers. Once installed on a device, Hyperlinksearch.net undertakes some crucial modifications in the browser's settings: it changes the homepage, new tab address, and default search engine, replacing them with the fake search URL – hyperlinksearch.net. After infecting a system, Hyperlinksearch.net launches on every browser startup and redirects all the user searches through its own search engine. That generates artificial traffic and advertising revenue for its creators while putting users' online safety at risk. As fake search tools like this one cannot conduct an independent search,...

Posted on November 27, 2020 in Browser Hijackers


Psalrausoa.com is a mostly empty website that is designed to perform a singular function - tricking unsuspecting users into initiating a browser-based tactic. By displaying various fake alerts or error messages, the website tries to convince its visitors to click the 'Allow' button. No matter what the exact text of the alerts may state, clicking 'Allow' will only result in the website receiving the necessary browser permissions to carry out its agenda. Psalrausoa.com is far from being a unique occurrence, in fact, the opposite is true, with countless tactic websites virtually identical to it being brought into existence daily.  When unsuspecting visitors land on Psalrausoa.com, they will be greeted by a progress bar that is currently buffering. Prominently displayed below it will be the following message: 'Click the Allow button to...

Posted on November 26, 2020 in Browser Hijackers


Mainchargenews.com is a deceptive website created with a singular purpose in mind - to conduct a browser-based tactic. The scheme enacted by Mainchargernews.com is extremely popular among fraudsters, with countless sites almost identical to it emerging daily. The goal is pretty simple - to trick the user into subscribing to the site's push notification services. As a result, affected users will be subjected to a stream of unsolicited advertisements being delivered directly to the screen of their device.  The tactic employed by Mainchargenews.com is to pretend that a non-specified video cannot be played by showing a buffering symbol. If the visitors want to continue watching, they must click the 'Allow' button and fall right into the trap set up by the website. The prominently displayed message states:  'Click the Allow button to...

Posted on November 26, 2020 in Browser Hijackers


Tmanger is a Remote Access Trojan (RAT) tool used in attacks carried out by the Advanced Persistent Threat (APT) group known as TA428. The malware threat was first observed when deployed against targets in Japan, but it can easily be transferred to infect entities from Mongolia, the original target of the TA428 group, or Vietnam, a member of the Belt and Road initiative. The name of the threat - Tmanger, may be a mistyped version of Tmanager, a conjecture supported by several mistyped strings found in the underlying code of the trojan. Tmanger is comprised of three different parts, but they all share certain identical behavior and functions. The names of the components are SetUp, MloadDll, and Client. The SetUp file is the first to be executed and its tasked with establishing the persistence mechanism for the threat. Before that,...

Posted on November 26, 2020 in Malware

FileEngineering Ransomware

Two different versions of FileEngineering Ransomware has been observed to be unleashed in the wild. The two variants operate in a perfectly identical way - they aim to infiltrate users' computer systems, encrypt the files found there with an uncrackable cryptographic algorithm, and then extort their victims in exchange for the potential decryption of the locked data. The main and only differences between the two FileEnginerring Ransomware threats are the specific email address they leave to their victims as communication channels. Files encrypted by either of the two FileEngineering Ransomware variants will have their original names changed drastically. The threats will first append a string representing the unique ID designated to the PC user, followed by an email address that belongs to the hackers, and finally '.encrypted' as a new...

Posted on November 26, 2020 in Ransomware

BBtok Trojan

The BBtok Trojan is a new banking malware strain that has been deployed mostly against users in Mexico. The threat leverages a fileless attack approach to compromise users' devices. For its propagation vector, BBtok Trojan uses phishing emails carrying weaponized attachments consisting of a compressed package delivering threatening lnk files. The email is designed to appear as legitimate as possible, and they attempt to trick the recipient into starting the malware-laced lnk files resulting in the execution of a PowerShell script. Before the main BBtok Trojan component is delivered to the device, several setup stages must be cleared. First, when the initial threatening PowerShell script is activated, it downloads and executes a Loader payload written in .Net. The Loader then deploys the persistence mechanism of the threat by...

Posted on November 26, 2020 in Trojans

BlackRota Backdoor

BlackRota is a backdoor threat written in the Go programming language. BlackRota exploits an unauthorized-access vulnerability found in the Docker Remote API. The threat is capable of compromising both 64-bit and 86-bit architectures but works only on Linux systems. A unique feature of BlackRota is the heave-level of obfuscation that has been implemented by the hackers responsible for the threat. It is extremely rare for malware written in Go to feature such intensive obfuscation measures. In fact, the infosec researchers who analyzed BlackRota state that it is the most obfuscated Go malware they have encountered to date. After infiltrating its target, BlackRota establishes what the researchers called a 'geacon.' It represents a beacon through which the malware communicates with its Command-and-Control server to receive commands and...

Posted on November 26, 2020 in Backdoors


Virnews.club pop-ups are a scheme that sends unsolicited promotional content to users' computers or mobile phones. This browser-based scam operates through a rogue website named Virnews.club. There, the fraudsers acquire visitors' permission to send them messages through a misleading tactic. When users go to this website, it pretends to be loading some video content but, at the same time, it shows the following message: 'Virnews.club wants to Show notifications Click Allow to watch the video' Users are required to click on the 'Allow' button and agree to receive notifications if they wish to view the website's full content. Yet, Virnews.club has no videos to show, and its only purpose is to make users accept its browser notifications so it can run its harmful advertising campaigns. Pop-ups generated by Virnews.club can harm users'...

Posted on November 26, 2020 in Browser Hijackers


Enspread.top is an empty website promoted by adware threats and browser hijackers. Malware creators have developed that scam with the purpose of displaying promotional browser notifications straight on users' screens. Common for all schemes of that type is that people do not intentionally visit these pages. Instead, browsers compromised by Potentially Unwanted Applications or malicious ads on the Internet redirect users to such pages. As mentioned, Enspread.top has no content, however, it shows a series of misleading text messages, attempting to lure users into allowing browser notifications. The alerts that Enspread.top shows are a clickbait tactic that prompts users to click on a given 'Allow' button and subscribe to the scammers' pop-ups. In some cases, the website pretends to conduct a fake CAPTCHA robot test or directly launches a...

Posted on November 26, 2020 in Browser Hijackers
1 2 3 4 5 6 7 8 9 ... 1535