Malware Remediation Utility

  • Detect & remove the latest malware threats.
  • Malware detection & removal definitions are updated regularly.
  • Technical support & custom fixes for hard-to-kill malware.
* Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Top Security News

Cybercriminals Are Still Taking Advantage of COVID-19 with Increased Attacks Microsoft unveiled its Asia Pacific findings from its latest Security Endpoint Threat Report for 2019, which shared that cybercriminals are making 60,000 COVID-19 themed phishing attempts daily....
Cybercriminals Sticking to Coronavirus and Financial Themes for Phishing Scams Summer is at its peak, and the online scammers are still doing whatever they can to take advantage of the uncertainty caused by the pandemic. Cyber-attacks are targeting businesses and consumers in...
Agencies Warn of Imminent Ransomware Cybercrime Threat to US Healthcare Sector Several agencies came out with a joint advisory on October 28 with stern warnings to the healthcare sector related to cybercrime. The advisory concerns an "imminent and increased cybercrime threat...

Top Articles

WebDiscover Browser

WebDiscover Browser screenshot

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

STOP Ransomware

STOP Ransomware screenshot

PC security researchers received reports of ransomware attacks involving a threat known as the STOP Ransomware on February 21, 2018. The STOP Ransomware is based on an open source ransomware platform and carries out a typical version of an encryption ransomware attack. The STOP Ransomware is distributed using spam email messages containing corrupted file attachments. These file attachments take the form of DOCX files with embedded macro scripts that download and install the STOP Ransomware onto the victim's computer. Learning how to recognize phishing emails and avoiding to download any unsolicited file attachments received is one of the ways to avoid these attacks. How to Recognize a...

Posted on February 26, 2018 in Ransomware

How to Fix Mac Error Code 43 When Copying Files

How to Fix Mac Error Code 43 When Copying Files screenshot

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security


Newsbreak.com screenshot

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks. Spams Users with a Constant Flow of Advertisements Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked to allow browser notifications thinking that they will be alerted for the latest breaking news. However, this is not the case,...

Posted on February 3, 2020 in Browser Hijackers

APT Attack Spreads Malware Using Coronavirus Theme

APT Attack Spreads Malware Using Coronavirus Theme screenshot

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

.HOW Ransomware

.HOW Ransomware screenshot

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.  Propagation and Encryption To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Posted on June 29, 2020 in Ransomware

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security

Search Marquis

Search Marquis screenshot

Search Marquis is a browser component that may disguise itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a shady browser extension that aims to alter the browser's setting without the user’s knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) is to sneak stealthily into Mac computers and generate revenue for its operators. This happens through a number of intermediate redirects through various dubious domains before displaying Bing.com results. This Week In Malware Episode 36 Part 2: Why Your Web Browser is Redirecting to Search Marquis & and How to Stop It! Once installed on a Mac...

Posted on June 9, 2020 in Browser Hijackers, Mac Malware

More Articles


Mderedpro.top is a website tasked with a singular objective - to propagate a popular browser-based tactic. Visitors who land on it are subjected to various social-engineering tactics and tricks aimed at getting them to click on the 'Allow' button. Doing so will subscribe the user to the website's push notification services, which will result in the generation of various unsolicited advertisements. Mderedpro.top is just one of the countless virtually identical websites that are designed to conduct this particular tactic. It also utilizes the most popular scenario by pretending to be conducting a captcha check for bots. Anyone who lands on the website will see the prominently displayed message - 'Click Allow to confirm you are not a robot!' immediately. Other misleading alert messages also can be generated: Mderedpro.top says: 'CLICK...

Posted on January 25, 2021 in Browser Hijackers


Vercounsel.top is a mostly empty website, but don't let that fool you; its only reason for existing is to propagate a rather popular browser tactic. Vercounsel.top, and the myriad of websites virtually identical to it, abuse various social-engineering tactics to trick visitors into subscribing to their push notification services. The scheme's crux is for the user to click on the 'Allow' button resulting in the fraudulent website being granted all of the browser permissions it needs. Now, it can start generating various unwanted advertisements on the affected device. Disabling the browser will not be enough to stop the advertisements from appearing. Furthermore, users should avoid being tempted to click on any advertisements, as they could be redirected to suspicious third-party websites. There, they could be subjected to offers to...

Posted on January 25, 2021 in Browser Hijackers

Deathfiles Ransomware

The Deathfiles Ransomware belongs to a ransomware family that is not among the most popular among the cybercriminal community, called MedusaLocker Ransomware. That, however, in no way diminishes its ability to cause severe damage to any computer it manages to infect. Users affected by the threat will find themselves suddenly unable to access files that were perfectly fine mere moments ago. Those same files will now have '.deathfiles' appended to their original names as a new extension. The threat's ransom note is delivered inside files named 'Recovery_Instructions.html.' Victims of the Deathfiles Ransomware are instructed to initiate contact through one of two ways - by visiting a dedicated website set up by the hackers on the TOR network or sending an email to the two addresses provided in the note. The website can only be accessed...

Posted on January 25, 2021 in Ransomware

ZaToN Ransomware

Victims of the ZaToN Ransomware will have nearly all of their files encrypted with an uncrackable cryptographic algorithm. The hackers' goal is to then extort the affected users for money in exchange for the decryption key and software tool required for the restoration of the encrypted data. The ZaToN Ransomware is a new variant belonging to the Xorist Ransomware family that has been unleashed in the wild. When the threat locks a file, it modifies the original filename by appending '.ZaToN' as a new extension. When the encryption process is finished, the ZaToN Ransomware delivers its ransom note in three different forms. It generates a pop-up window, changes the default background with a new image, and drops text files named 'HOW TO DECRYPT FILES.txt' in all folders containing locked files. The instructions on all three places are...

Posted on January 25, 2021 in Ransomware

0l0lqq Ransomware

After analysis, the 0l0lqq Ransomware has been classified as a variant belonging to the TeslaCrypt Ransomware family. The threat doesn't deviate from what is considered the norm for variants of the TeslaCrypt Ransomware family. It initiates an encryption routine on every compromised system that leaves users unable to access their personal or business-related files. The hackers' goal is to then extort the victims for money in exchange for providing them with the decryption key and software tool needed for the restoration of the locked files. Files encrypted by the threat will have '.0l0lqq' appended to their original names as a new extension. Upon completing the encryption process, a ransom note containing instructions from the hackers will appear in the form of text files named 'RESTORE_FILES_INFO.txt.' According to the instructions,...

Posted on January 25, 2021 in Ransomware


Latin America continued to be the preferred ground for the deployment of banking Trojans. One such threat that has been active since at least 2018 and is still under active development is Vadokrist. Researchers analyzed the underlying code of the Vadokrist and found that it shares multiple features with several other banking Trojan families from the region, mainly Mekotio, Casbaneiro, Grandoreiro and Amavaldo. Still, several characteristics set Vadokrist apart from the rest. The first peculiar aspect of the threat is the inclusion of a substantial amount of unused code inside the binaries. The goal was most likely to boost the chances of the threat to avoid being detected while also extending the time needed for proper analysis of the code. Earlier Vadokrist versions stored strings inside a single string table, in a manner similar to...

Posted on January 25, 2021 in Trojans

DreamBus Botnet

Linux and Unix systems are under threat from a new powerful botnet named DreamBus. Researchers estimated that tens of thousands of systems might have been already compromised. One key factor contributing to DreamBus' potency is its worm-like capabilities to spread both through the Internet and laterally once inside the victim's private network. For now, the threat actor is content with deploying a crypto-miner payload, which also explains the preference towards infecting systems with powerful hardware components such as a beefy CPU and larger amounts of available memory. While the campaign has not been attributed to a specific hacker group, researchers analyzed the timestamps of the commands being sent to DreamBus and concluded that the cybercriminals are most likely either from Russia or an Eastern European country. DreamBus is Highly...

Posted on January 25, 2021 in Botnets

Discord Won't Open

Discord managed to turn itself from a niche VoIP (Voice over IP) application geared towards video gamers predominantly to a social platform with hundreds of millions of users with all sorts of interests. With numerous features that have been broadened through updates and patches steadily, the Discord application now offers a complete package of text-based channels, voice channels and streaming services. As with any application that is getting more sophisticated progressively, though, issues may arise. What of the more problematic is when the application simply refuses to start at all. Fortunately, a couple of easy solutions can address a wide variety of causes for this particular problem. For starters, switching between the browser version of Discord and the desktop application could cause issues with sessions or cookies. To remedy the...

Posted on January 25, 2021 in Issue

'Advance Payment Received' Email Virus

The 'Advance Payment Received' email virus represents a spam email campaign distributing a malware threat. The emails are crafted to appear as if a user's deposit payment has been accepted or pre-processed. The attached file supposedly contains the order details. To give themselves a bit more legitimacy, the emails end with contact details for Cox Enterprises, Inc., a global conglomerate operating in the automotive service, communication, and media industries. This is all fake, though, and Cox Enterprises, Inc is in no way connected to the dissemination of these corrupted emails. Indeed, no part of the information inside the emails is real. They are simply acting as a lure to get the targeted users to open the attached file - 'dep_det_3444608.docm,' resulting in the malware inside it being executed. The malware delivered through the...

Posted on January 22, 2021 in Adware

Phone Keeps Disconnecting and Reconnecting to Computer

The growing 'smart' phone industry has a small downside: the increasing complexity of phone software and its relationship to PCs. Users who find that their phones only temporarily connect to their PCs or experience connection stability problems usually can resolve them by themselves. Experts recommend checking the most commonplace software incompatibilities before moving to hardware inspection when troubleshooting. Unless there are significant bugs or compatibility issues, users should always have up-to-date drivers for all devices, including smartphones. The Device Manager includes an entry for Portable Devices, such as iPhones. Right-click the device and choose the update option for letting Windows identify and install the latest patch (or follow manufacturer instructions for manual downloads). Users also should check the Universal...

Posted on January 22, 2021 in Issue


Sterthreat.top is a deceptive website that tries to trick anyone who lands on it into subscribing to its push notification services. The website itself is virtually identical to the countless other websites that are also perpetuating this Web browser tactic. More and more such websites are emerging every single day, and the trend appears not to be slowing down. The main scenario run in this tactic, and the one employed by Sterthreat.top, is to pretend to conduct a captcha check for bots. Prominently displayed across the webpage is a message similar to: 'Click ALLOW to confirm that you are not a robot!' In addition, several fake alerts or error messages also can be generated. One such example is - 'Sterthreat.top says: CLICK ALLOW TO CLOSE THIS PAGE.' Users who fall for the trap will be subjected to a stream of unwanted advertisements....

Posted on January 22, 2021 in Browser Hijackers


Luckhours.com is a mostly empty website dedicated to the propagation of a popular browser tactic. It tries to trick visitors into subscribing to its push notification services by employing various manipulative and deceptive social engineering tactics. In practice, this is achieved by baiting users into clicking the 'Allow' button. Several fake alerts or error messages are usually displayed, each asking users to click the button. Doing so will grant Luckhours.com the browser permissions it requires to start executing its main function - the delivery of unwanted and intrusive advertisements to the affected device. One tactic that has been used by Luckhours.com is to display a video window with a buffering icon in the middle. The site displays the message - 'Click Allow to continue' prominently. While it is questionable if a video would...

Posted on January 22, 2021 in Browser Hijackers

EnCryp13d Ransomware

The EnCryp13d Ransomware is a file-locking Trojan from the family of the Xorist Ransomware. The EnCryp13d Ransomware blocks the user's digital media, such as documents, with XOR or TEA encryption that keeps them from opening and delivers pop-up and text ransom notes. Users can back their work up for free recovery or use a freeware decryptor, and always should remove the EnCryp13d Ransomware with anti-malware tools as soon as they're able. Heading Back to the Days of Freeware in the Worst Ways Initially, freeware or 'free software' has its origin as a way of demoing games or testing alternatives to possibly-expensive tools like graphics suites. The fragmentation of the file-locker Trojan industry creates a new meaning that's just for black hat hackers. The EnCryp13d Ransomware, newly-identifiable, is a variant of the code from the...

Posted on January 22, 2021 in Ransomware

LuckyBoy Malware

The LuckyBoy Malware is a Trojan that redirects the user's browsers to corrupted sites, such as fake update domains, and gives attackers information to compromise the device. The LuckyBoy Malware targets victims through malvertising (or 'corrupted advertising') content for mobile and gaming environments such as Android, iOS and Xbox. Owners of at-risk devices can protect them with up-to-date and credible security solutions that are prepared to remove the LuckyBoy Malware and should monitor their Web-surfing for symptoms of website redirects. Unlucky Gamers and Phone Owners in this Trojan's Campaign Although most Trojans malware researchers see are Windows-favoring, there are exceptions to the rule, like the WireLurker Trojan downloader, the inaccurately-named FakeSpy, and the newest case in question: the LuckyBoy Malware. With a name...

Posted on January 22, 2021 in Malware

Dovecat Malware

A new crypto-mining malware strain has been leveraged against NAS (Network-attached storage) devices belonging to the Taiwanese hardware vendor QNAP. Details about the operations were unveiled by the company itself in a security advisory. QNAP first became aware of the threatening campaign after customers discovered two suspicious processes named 'dovecot' and 'dedpma.' The processes were taking up a significant portion of the available resources and were constantly running in the background. After conducting an investigation into the issue, QNAP discovered the new malware strain and named it Dovecat. The Dovecat Malware appears to be designed to target QNAP's devices specifically. One example is the attempt to disguise one of the malware's processes by using a name similar to Dovecot, a legitimate email daemon distributed alongside...

Posted on January 22, 2021 in Malware
1 2 3 4 5 6 7 8 9 ... 1558