
Top Security News

Cybercriminals Are Still Taking Advantage of Covid-19 with Increased Attacks

Microsoft unveiled its Asia Pacific findings from its latest Security Endpoint Threat Report for 2019, which shared that cybercriminals are making 60,000 COVID-19 themed phishing attempts daily....

Cybercriminals Sticking to Coronavirus and Financial Themes for Phishing Scams

Summer is at its peak, and the online scammers are still doing whatever they can to take advantage of the uncertainty caused by the pandemic. Cyber-attacks are targeting businesses and consumers in...

Hackers Exploiting Coronavirus Fears To Push Malware

As the Covid-19 pandemic goes into full swing, we see increasing numbers of hackers and nation-state actors trying to exploit the global fears for their own gains, spreading malicious software...

Top Articles

WebDiscover Browser

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

How to Fix Mac Error Code 43 When Copying Files

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security


At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks.

Spams Users with a Constant Flow of Advertisements

Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked into allowing browser notifications, thinking that they will be alerted to the latest breaking news. However, this is not the case,...

Posted on February 3, 2020 in Browser Hijackers

APT Attack Spreads Malware Using Coronavirus Theme

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

.HOW Ransomware

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.

Propagation and Encryption

To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Posted on June 29, 2020 in Ransomware

IT Ransomware

IT Ransomware is a brand-new data-locking Trojan that appears to be a rather basic project. This file-locker is also known as the CobraLocker Ransomware. Despite not being a very high-end threat, the IT Ransomware is fully capable of causing significant damage to its targets. Unfortunately, the IT Ransomware does not appear to be decryptable for free.

Propagation and Encryption

Threats like the IT Ransomware often go after a variety of filetypes that are likely to be present on the system of every regular user. This means that the IT Ransomware will not spare any images, documents, presentations, databases, spreadsheets, archives, audio files, videos and other filetypes that are common....

Posted on July 9, 2020 in Ransomware

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles: the days of robbing banks in person are gone, and now it all takes place behind the screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or everyday life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet is aware of cybercrime and the consequences that they may face if they succumb to a cybercriminal's trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security

Windows Active Guard

Windows Active Guard is a malware program that belongs to the FakeVimes family of fake security software. Windows Active Guard carries out a common online scam that involves pretending to be a real security program in order to convince inexperienced computer users that they must pay for an expensive 'upgrade'. Since there are no real anti-malware capabilities on Windows Active Guard and it is, in reality, a malware infection itself, ESG malware researchers strongly recommend ignoring all of Windows Active Guard's warnings and removing this bogus security program with a reliable anti-malware application.

Windows Active Guard's Family of Rogue Security Programs

Malware in the family has...

Posted on July 23, 2012 in Rogue Anti-Spyware Program

Search Marquis

Search Marquis is a Mac utility that disguises itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a malicious browser extension that aims to alter the browser's settings without the user's knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) that sneaks stealthily into Mac computers is to generate revenues for its operators by popularizing the search engine Bing.com on the Mac Safari browser. This happens through a number of intermediate redirects through various dubious domains. Once installed on a Mac computer, this browser hijacking tool starts to make crucial changes on the user's...

Posted on June 9, 2020 in Browser Hijackers, Mac Malware

More Articles


Kangstools.com is an unsafe website dedicated to the propagation of a browser-based scheme. The goal pursued by Kangstools.com is to generate revenue for its creators by deceiving users into subscribing to its push notifications. Anyone who fails to notice the red flags will then start to suffer from various unwanted advertisements being generated on the screen of the device directly. This tactic relies on social-engineering tricks to be successful. The most common case is making the unsafe websites present the users with supposed bot captcha checks and ask their visitors to click the 'Allow' button to prove they are, in fact, not robots. Kangstools.com, however, has chosen a different trick - it displays a black screen with a buffering icon with the message 'Click Allow to continue,' which will be placed underneath. All those who let...

Posted on September 25, 2020 in Browser Hijackers


Pragatimeg.com may seem like an innocent website, but it is actually a vehicle for a browser-based tactic. Its main purpose for existing is to deceive unsuspecting users into subscribing to its push notification services. If successful, Pragatimeg.com will then start generating monetary gains for its creators by delivering unsolicited advertisements to the screen of the affected device directly. The main method of fooling the visitors is through social-engineering tricks. Pragatimeg.com will show several fake alert messages that will prey on people's curiosity, or will simply rely on the users not paying too much attention. For example, visitors may see a black image with a buffering icon accompanied by the text - 'Click Allow to continue.' Following the instructions and clicking the 'Allow' button will not result in any video starting to...

Posted on September 25, 2020 in Browser Hijackers


AnyStationSearch is considered to be a browser hijacker application - once installed, it will change certain browser settings and prevent them from being reverted to their original state. It is recommended to remove AnyStationSearch, as well as any similar application, as soon as you notice their presence. Usually, users do not go out looking for browser hijackers to install on their devices. Instead, these applications rely on misleading distribution tactics to propagate themselves. One of the most used methods is called 'bundling' - the option to opt-out of installing the specific browser hijacker application is hidden under several menu layers inside the installation process of another more popular freeware program. Such dubious methods are being employed, justifying the classification of these applications as Potentially Unwanted...

Posted on September 25, 2020 in Potentially Unwanted Programs


ConvertItSearch is a typical browser hijacker application dedicated to promoting and generating traffic towards a fake search engine. All other features that it may boast having could be considered as barely functional. In most cases, users do not install applications such as these willingly. Instead, the browser hijackers propagate through dubious distribution methods where they hide their installation inside the installer of another more popular program. Some may even pose as an update for popular free software. As a result, most cybersecurity experts categorize these applications as Potentially Unwanted Programs (PUPs). No matter how ConvertItSearch managed to install itself onto the user's device, it will proceed to take over certain browser settings. The homepage, new page tab, and the default search engine will be set to open...

Posted on September 25, 2020 in Potentially Unwanted Programs

Exorcist 2.0 Ransomware

A new and improved version of the potent Exorcist Ransomware threat has been detected in the wild by infosec experts. Called the Exorcist 2.0 Ransomware, it displays some departures from the original malware's behavior, but, for the most part, has remained the same with little deviation. Once inside the targeted computer, the Exorcist 2.0 Ransomware initiates its encryption process and proceeds to block users from accessing their personal or business files. Nearly all of the most used filetypes are affected - audio and video files, databases, spreadsheets, documents, etc. The Exorcist 2.0 Ransomware, like its predecessor, the Exorcist Ransomware, appends a random string of characters, specific to the current victim, to every encrypted file. The same string also is used in the name of the file containing the ransom note dropped by the...

Posted on September 25, 2020 in Ransomware

Mount Locker Ransomware

A new ransomware threat being weaponized against business organizations has been detected by infosec researchers. Called the Mount Locker Ransomware, this piece of malware has been equipped with several new tricks when the end goal is to extort money from its victims.

The Mount Locker Ransomware Demands Millions for Decryption

The hackers behind the Mount Locker Ransomware target business entities primarily. They breach the corporate network of their victims and deploy the Mount Locker Ransomware threat. Once inside, the Mount Locker Ransomware proceeds to lock the files stored on the computer, as well as any connected storage devices, with an uncrackable combination of encryption algorithms. Before that, however, the Mount Locker Ransomware exfiltrates huge chunks of the victim's data and threatens to start leaking it on a website...

Posted on September 25, 2020 in Ransomware

'TNT EXPRESS' Email Virus

The 'TNT EXPRESS' email virus is a spam e-mail campaign designed to distribute the Agent Tesla RAT (Remote Administration Trojan). The fraudulent messages sent under this campaign are disguised as e-mails from the popular international courier TNT Express, which is where the name of this campaign comes from. The 'TNT EXPRESS' email virus' e-mails usually have 'Consignment Notification: You Have A Package With Us' in the Subject line or some other text with similar implications. According to the message's deceptive text, the recipients have some goods that need to be delivered by TNT, and they need to open and review the attached documents (named 'Shipping Document PP&BL Draft.r00' or similar) to close up the delivery process. Yet, instead of containing important data, the attached file downloads and installs Agent Tesla...

Posted on September 25, 2020 in Adware


Infrarotscreening.com is a website designed to promote questionable content on the Internet. This website's advertisements may look like warnings from an anti-virus program that says your license has expired or may resemble attractive offers from banks or other institutions. Infrarotscreening.com also promotes online games, PUPs, fake software updates or adult pages. In any case, users who see unwanted pop-ups or banners on their screen or while surfing the Internet should check their systems through a reputable anti-malware tool, as these messages also may come from adware installed on their computers. Users typically land on this unsafe page after being redirected by other similar pages or a browser hijacker that has modified their browser settings. Clicking on random advertisements or banners on unsafe pages also can lead to...

Posted on September 25, 2020 in Browser Hijackers


Somenwesabout.com is an unsafe website designed to carry out a browser-based scheme. By employing various social-engineering tactics, it attempts to trick unsuspecting users into subscribing to its push notification services. The end goal is to start delivering unwanted advertisements to the screen of the affected devices directly. Upon landing on Somenwesabout.com, visitors will notice that the site has generated several alert or error messages. They are all fake. Their only purpose is to convince the visitors to click the 'Allow' button. The text of these alerts may vary from user to user, but it could be a variation of a buffering icon accompanied by a message similar to 'Press the Allow button to continue.' The majority of websites dedicated to the propagation of this scheme type pose as bot captcha checks stating that users have...

Posted on September 24, 2020 in Browser Hijackers


AnalyzerSkill is a browser hijacker dedicated to the promotion of a fake search engine. The application is designed to target Mac users, specifically. As most current browser hijackers, though, it also has been equipped with various adware capabilities. Applications such as AnalyzerSkill, due to the deceptive distribution methods they employ, such as 'bundling' or posing as updates for other more legitimate software programs, also are considered as Potentially Unwanted Programs (PUPs). If AnalyzerSkill has managed to sneak its way onto a user's computer, it will then proceed to change several browser settings immediately - the homepage, new page tab, and the default search engine to open the address promoted by the application most notably. As a result, every time the affected browser is started, it will generate traffic towards the...

Posted on September 24, 2020 in Mac Malware

TRAPGET Ransomware

The TRAPGET Ransomware is a malware threat that can effectively take hostage all of the data stored on the victim's computer. The TRAPGET Ransomware, a variant of NEFILIM, achieves its threatening goal by employing encryption algorithms strong enough to be virtually uncrackable. In most cases, when a ransomware threat is involved, the only way to restore the locked files is through the decryption key that only the hackers possess. In rare instances, the infosec community has managed to find a major bug or flaw in the underlying code of the ransomware, which has led to the creation of a free decryption tool for scrambled data. Unfortunately, there is no such tool for TRAPGET. Victims of TRAPGET will notice that nearly all of their private or business files suddenly have a new extension appended to their original filename -...

Posted on September 24, 2020 in Ransomware

CRPTD Ransomware

The CRPTD Ransomware is a crypto locker threat that so far has not been attributed to any existing ransomware family. That, however, doesn't mean that CRPTD deviates from what is considered typical ransomware behavior. After infiltrating the targeted computer, it initiates its encryption process that will render nearly all of the files stored on the system inaccessible and unusable. Victims will suddenly find themselves 'locked out' of their own files. The name of every encrypted file will be modified to include '.CRPTD' as a new extension. The ransom note with instructions from the hackers will be dropped in the form of .hta files named 'Recover files.hta.' Affected users are told to send an email containing the unique ID number assigned to their computers, as well as attaching three encrypted files. The files have...

Posted on September 24, 2020 in Ransomware


OldGremlin is the name given to a new hacker group whose operations were discovered by cybersecurity experts. So far, OldGremlin's activities have been relatively localized, targeting Russian organizations only. With the hackers belonging to OldGremlin appearing to know fluent Russian, it appears that they are not adhering to the rule that even other bigger hacker groups follow - not to target Russian or Post-Soviet countries. One explanation could be that OldGremlin is leveraging their significant knowledge about Russia's current affairs to better position their spear-phishing attempts to succeed, while also fine-tuning their attack methods and malware tools.

OldGremlin Quickly Adapt Current Events for Phishing Attacks

Indeed, in the several threatening campaigns that have been detected, the group has displayed considerable knowledge...

Posted on September 24, 2020 in Malware

Alien Malware

Security researchers have discovered a new strain of the Android Trojan malware. They dubbed the malware with the name Alien and managed to analyze its underlying code to understand better its behavior and how it functions. First, however, it must be noted that Alien malware is being offered as Malware-as-a-Service (MaaS) on underground hacker forums. As a result, a specific distribution method and attack vector couldn't be established, as they both depend on each hacker group's preferences. Still, it appears that the most common methods are through phishing pages that offer either fake Corona-related applications or fake software updates. Another utilized distribution method is through SMS - Alien collects the contact list of the infected device and uses it to spread its threatening campaign further.

Alien Is Taking the Space Left by...

Posted on September 24, 2020 in Malware

New Anubis Data-Stealing Malware Targets Cryptocurrency

Cryptocurrency has been mainstream for years. Like with everything else of value, there are people trying to steal it. Cybercriminals have come up with various ways to try to get their hands on cryptocurrency. Microsoft has warned the public of one more threat to their crypto wallets. This new malware is called Anubis Stealer, suspected as a variation of Anubis Ransomware and the Anubis Trojan, and it targets the wallets of Windows users. A new info-stealing malware we first saw being sold in the cybercriminal underground in June is now actively distributed in the wild. The malware is called Anubis and uses code forked from Loki malware to steal system info, credentials, credit card...

Posted on September 24, 2020 in Computer Security