Malware Remediation Utility

  • Detect & remove the latest malware threats.
  • Malware detection & removal definitions are updated regularly.
  • Technical support & custom fixes for hard-to-kill malware.
* Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Top Security News

Cybercriminals Are Still Taking Advantage of Covid-19 with Increased Attacks Microsoft unveiled its Asia Pacific findings from its latest Security Endpoint Threat Report for 2019, which shared that cybercriminals are making 60,000 COVID-19 themed phishing attempts daily....
Cybercriminals Sticking to Coronavirus and Financial Themes for Phishing Scams Summer is at its peak, and the online scammers are still doing whatever they can to take advantage of the uncertainty caused by the pandemic. Cyber-attacks are targeting businesses and consumers in...
Emotet Malware Uses US Election Campaign as Bait The notorious malware distribution vehicle Emotet has been back in business for a little over two months following a long break earlier this year. The subject line of one of the latest waves of...

Top Articles

WebDiscover Browser

WebDiscover Browser screenshot

WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

STOP Ransomware

STOP Ransomware screenshot

PC security researchers received reports of ransomware attacks involving a threat known as the STOP Ransomware on February 21, 2018. The STOP Ransomware is based on an open source ransomware platform and carries out a typical version of an encryption ransomware attack. The STOP Ransomware is distributed using spam email messages containing corrupted file attachments. These file attachments take the form of DOCX files with embedded macro scripts that download and install the STOP Ransomware onto the victim's computer. Learning how to recognize phishing emails and avoiding to download any unsolicited file attachments received is one of the ways to avoid these attacks. How to Recognize a...

Posted on February 26, 2018 in Ransomware

How to Fix Mac Error Code 43 When Copying Files

How to Fix Mac Error Code 43 When Copying Files screenshot

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security


Newsbreak.com screenshot

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks. Spams Users with a Constant Flow of Advertisements Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked to allow browser notifications thinking that they will be alerted for the latest breaking news. However, this is not the case,...

Posted on February 3, 2020 in Browser Hijackers

APT Attack Spreads Malware Using Coronavirus Theme

APT Attack Spreads Malware Using Coronavirus Theme screenshot

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

.HOW Ransomware

.HOW Ransomware screenshot

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.  Propagation and Encryption To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Posted on June 29, 2020 in Ransomware

Zeus Trojan

Zeus Trojan screenshot

The Zeus Trojan is the most widespread and common banking Trojan today. There are countless variants of the Zeus Trojan, also known as Zbot and Zitmo. There are regional variants that target computers in specific areas of the world as well as mobile-specific variants designed to attack mobile operating systems such as Android or BlackBerry platforms. In all cases, the Zeus Trojan is used to steal banking information. This dangerous malware infection can be used to steal account names and numbers, banking account passwords, and credit card numbers. The Zeus Trojan can also be utilized to capture particular information that can then be used to steal a victim's identity. ESG security...

Posted on March 27, 2006 in Trojans

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security

Search Marquis

Search Marquis screenshot

Search Marquis is a Mac utility that disguises itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a shady browser extension that aims to alter the browser's setting without the user’s knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) is to sneak stealthily into Mac computers and generate revenue for its operators. This happens through a number of intermediate redirects through various dubious domains before displaying Bing.com results. Once installed on a Mac computer, this browser hijacking tool starts to modify options in the user's browser. It sets http://www.searchmarquis.com as...

Posted on June 9, 2020 in Browser Hijackers, Mac Malware

More Articles


Leefmylife.info is a mostly empty website created with a single purpose in mind - to proliferate a popular browser-based tactic. Every day more and more websites that are nearly identical to Leefmylife.info come into existence. They all share the same goal and, for the most part, employ the same deceitful tactics. Visitors who land on such a website are presented with various fake alerts or error messages that all try to convince them to click the 'Allow' button. The most common tactic is for the misleading website to pretend to be conducting a captcha check for bots. Leefmylife.info, however, has adopted a different strategy - it shows an error image and prominently displays the following message: 'Flash Player blocked this video Click "Allow" to play.' Following the instructions will have a different outcome, though, as clicking the...

Posted on November 24, 2020 in Browser Hijackers

Cvc Ransomware

The Cvc Ransomware is the latest malware threat to be spawned from the extremely prolific Dharma malware family. Indeed, it appears that despite its age, the Dharma Ransomware family is still as relevant among cybercriminals as ever, and new variants can be observed being unleashed in the wild almost daily. The Cvc Ransomware is such a variant precisely, as it shows little deviation or improvement compared to the other ransomware threats belonging to the family. The only characteristics that distinguish it from the rest are the specific emails used as a communication channel with the hackers behind the threat and the file extension for the encrypted files. When the Cvc Ransomware manages to compromise a computer, it proceeds to lock nearly all of the files stored on it with a powerful encryption algorithm effectively. MS Office files,...

Posted on November 24, 2020 in Ransomware


Malsmoke is the name given by infosec researchers to an attack campaign and the hacker group responsible for it. The attackers deployed infostealer malware threats to the computers of unsuspecting users. The initial attack chains involved exploit kits targeting Internet Explorer and Adobe Flash vulnerabilities to deliver the Smoke Loader dropper. Relying on vulnerabilities for software in its End-of-life cycle means that the potential target group is quite limited when the software in question can be considered obsolete, especially. So, the Malsmoke campaign decided to ditch its initial attack plan and substitute it with corrupted pop-up advertisements for fake Java update - with this tactic being capable of affecting Google Chrome, the most widely used Web browser. The dropped malware payload was also changed, with Malsmoke now...

Posted on November 24, 2020 in Malware


LaZagne is an open-source project designed to help users retrieve passwords for various software programs they may have forgotten. LaZagne is capable of obtaining passwords from Windows and Linux systems and has limited functionality even on Mac OS devices. While the application's intended purpose may have nothing nefarious about it, open-source projects such as this one can be appropriated and abused by threat actors to serve their evil-minded purposes easily. Indeed, LaZagne has been observed to be deployed as a post-exploitation payload deployed by Remote Access Trojan (RAT) threats. Certain sections of LaZagne's underlying code have also been taken and implemented as part of the Qealler Malware infostealer. When deployed on a computer, the application can retrieve passwords from 25 different browsers on Windows systems and ten on...

Posted on November 24, 2020 in Trojans


Klickmode.biz pop-ups is an Internet tactic that promotes various questionable products and services through an empty website. Websites like Klickmode.biz are typically pushed by a browser hijacker that redirects users to this and many other similarly harmful pages. Clicking on random advertisements also can open this untrusty website. The primary goal of Klickmode.biz is to make users subscribe to its browser notifications. Therefore it shows the following message: 'Klickmode.biz wants to Show notifications Your file is ready to download' Obviously, clicking on the presented green 'Download' button, in fact, subscribes the user to browser notifications from this rogue website. Subsequently, Klickmode.biz will start displaying excessive advertisements on all subscribers' screens, even if no browser is open currently. Klickmode.biz'...

Posted on November 24, 2020 in Browser Hijackers


The Luckwinner.site pop-ups is a tactic that delivers unsolicited advertising content to users' computers or mobile phone directly. It operates through a rogue website named Luckwinner.site, where it acquires visitors' permission to send them messages through a fraudulent tactic. When users go to this website, they see the following misleading message: 'Luckwinner.site wants to Show notifications Click the Allow button to subscribe to push notifications and continue watching' It looks like the website pretends to be loading some video file. However, to do that, it needs users to click on the 'Allow' button and agree to receive notifications. Obviously, Luckwinner.site does not have any useful content, and its only purpose is to make users accept its push notifications so it can run its harmful advertising campaigns. All advertisements...

Posted on November 24, 2020 in Browser Hijackers


AweCleaner is one of the numerous utility suites claiming to clean up macOS systems and improve their performance. Like other similar software, AweCleaner doesn’t have any significant functionality over what the user can do with macOS's native tools. AweCleaner includes a startup manager. This component has no advantages over the manager integrated in macOS. The original tool Apple integrates in its operating system can be accessed in System Preferences and give the user the same control over their startup items. It could be argued that it offers more control because it would allow the user to disable AweCleaner on startup, whereas AweCleaner will not. The lack of useful features alone doesn’t make AweCleaner malware. There is no evidence the program endangers the security of the machine it runs on. Still, a number of the most popular...

Posted on November 24, 2020 in Mac Malware, Potentially Unwanted Programs


Urtheredevo.top is a devious site designed to propagate a browser-based tactic. There are countless websites nearly identical to Urtheredevo.top and more are being created each day. The scheme is pretty simple - get the visitor who lands on the site to subscribe to its push notification services by tricking them into clicking an 'Allow' button. Various social-engineering tactics, fake error messages or alerts are employed as part of this tactic. The most popular deceit, and indeed the one used by Urtheredevo.top, is for the dubious website to pretend to be conducting a captcha check for bots. Visitors will be presented with the prominently displayed message - 'Click Allow to confirm you are not a robot!' Urtheredevo.top doesn't rely on this pretense solely, though, and also creates several alerts: 'pdced.urtheredevo.top wants to Show...

Posted on November 23, 2020 in Browser Hijackers

'LiteCoin Giveaway' Pop-Up Scam

'LiteCoin Giveaway' pop-up scam is a deceptive scheme run through dubious websites that attempt to trick users into sending LiteCoins to the crypto wallet address of the fraudsters. The websites promoting this tactic can be accessed from any device or computer. However, if users are experiencing an abnormal amount of redirects to such sites, their device may have adware or other Potentially Unwanted Programs (PUPs) installed on it. Visitors who land on the 'LiteCoin Giveaway' pop-up scam will be presented with what sounds like an amazing deal. Upon sending an amount of LiteCoins ranging between 3 LTC and 500 LTC to the provided 'contribution address' (the wallet of the fraudsters), users will then receive tenfold that amount back. At the current exchange rate of LTC, the contribution amount ranges from $250 to $40,000. As if that...

Posted on November 23, 2020 in Adware


PDFConverterSearchTool uses its supposed features that make finding suitable PDF converters much more comfortable as a lure to get users to install the application. Those who do, however, will realize that they have installed nothing more than a Possibly Unwanted Program (PUP) that has already taken control over their browsers almost immediately. Indeed, PDFConverterSearchTool is an application designed to promote the address of a fake search engine. It tampers with the user's Web browser settings and sets the homepage, new page tab, and default engine to open the pdfconvertersearchtool.com address. As a result, when the browser is simply opened, a new tab is initiated, or a search query is conducted, it will generate artificial traffic for the promoted address. In addition, pdfconvertersearchtool.com is considered fake due to its...

Posted on November 23, 2020 in Potentially Unwanted Programs


FindConverterSearch may attempt to entice users with talk about its supposed feature. The truth is that the application is little more than a browser hijacker. As such, its main goal is to promote a fake search engine by driving artificial traffic towards it. Users who either knowingly or not have FindConverterSearch installed on their computer will notice the consequences almost immediately. FindConverterSearch is designed to take over certain browser settings, modify them to its needs, and then prevent users from reverting them to their original state. The settings in question are the homepage, the new page tab, and the default search engine. All three will be set to open the promoted address findconvertersearch.com, which is a fake search engine. There are countless similar fake engines that cannot produce any search results on...

Posted on November 23, 2020 in Potentially Unwanted Programs

Dulgtv Ransomware

The Dulgtv Ransomware is a threatening malware that has been classified as a variant belonging to the Xorist Ransomware family. Although the Dulgtv Ransomware doesn't display any major improvements over the typical Xorist Ransomware threat, it is still a powerful threat that can effectively lock users out of their own computers. Upon infiltrating the targeted computer, the Dulgtv Ransomware will initiate its encryption process, which encompasses a wide range of file types such as MS Office files, PDFs, databases, audio and video files, photos, etc. Every encrypted file will have '.dulgtv' appended to its original filename as a new extension. The ransomware threat will then drop a set of instructions for its victims in the form of text files named 'HOW TO RESTORE YOUR FILES.TXT.' A copy of the ransom note-carrying file will be placed in...

Posted on November 23, 2020 in Ransomware

SWP Ransomware

The infamous Dharma family of ransomware threats has remained popular among cybercriminals as ever, with new variants based on it being discovered almost daily. One of the latest to be observed in the wild is named SWP Ransomware. As a variant of the Dharma Ransomware, the SWP Ransomware doesn't display any major deviation or improvements over its predecessors. The threat operates in a typical ransomware fashion locking its victims' computers with a potent cryptographic algorithm and then extorting them for money in exchange for the potential restoration. Indeed, the SWP Ransomware can affect numerous filetypes and render them inaccessible and unusable. It also changes the names of the encrypted files drastically, which is a common sight among Dharma variants. In SWP's case, an ID string that has been assigned to the specific victims...

Posted on November 23, 2020 in Ransomware

Decme Ransomware

The Decme Ransomware is a new malware threat that has been discovered by infosec researchers. The criminals responsible for unleashing the Decme Ransomware in the wild want to lock their victims' computers with a powerful cryptographic algorithm effectively and then extort them for a potential restoration. It should be noted that the Decme Ransomware is not a wholly unique threat - analysis reveals that it is a variant belonging to the VoidCrypt Ransomware family. As such, the behavior of the threat remains largely in line with what has been observed with previous VoidCrypt variants. When Decme Ransowmare infiltrates a computer successfully, it initiates its encryption process that affects a wide range of filetypes, including the most popular used ones such as MS Office files, audio, video, and picture files, PDFs, databases, etc....

Posted on November 23, 2020 in Ransomware


Cilmatchdow.top is an online tactic that promotes dubious products and services on the Internet. This fraudulent scheme's first step is to attract users to its website Cilmatchdow.top, which usually happens through unsolicited redirects by a browser hijacker or other similar pages. Once users open Cilmatchdow.top, they see a fake CAPTCHA-verification test message that is supposed to confirm that the visitor is not a robot. However, clicking on the 'Allow' button included in the text subscribes the users to browser notifications from this corrupted website. The banners and advertisements that will be displayed on subscribers' screens subsequently offer absolutely no benefits. On the contrary, they expose users to the risk of having their devices infected with severe malware threats by rerouting online traffic to potentially unsafe...

Posted on November 23, 2020 in Browser Hijackers
1 2 3 4 5 6 7 8 9 ... 1533