
Top Security News

Cybercriminals Are Still Taking Advantage of COVID-19 with Increased Attacks

Microsoft unveiled its Asia Pacific findings from its latest Security Endpoint Threat Report for 2019, which shared that cybercriminals are making 60,000 COVID-19 themed phishing attempts daily....

Cybercriminals Sticking to Coronavirus and Financial Themes for Phishing Scams

Summer is at its peak, and the online scammers are still doing whatever they can to take advantage of the uncertainty caused by the pandemic. Cyber-attacks are targeting businesses and consumers in...

Agencies Warn of Imminent Ransomware Cybercrime Threat to US Healthcare Sector

Several agencies came out with a joint advisory on October 28 with stern warnings to the healthcare sector related to cybercrime. The advisory concerns an "imminent and increased cybercrime threat...

Top Articles

WebDiscover Browser


WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Posted on July 3, 2015 in Browser Hijackers

STOP Ransomware

PC security researchers received reports of ransomware attacks involving a threat known as the STOP Ransomware on February 21, 2018. The STOP Ransomware is based on an open source ransomware platform and carries out a typical version of an encryption ransomware attack. The STOP Ransomware is distributed using spam email messages containing corrupted file attachments. These file attachments take the form of DOCX files with embedded macro scripts that download and install the STOP Ransomware onto the victim's computer. Learning how to recognize phishing emails and avoiding downloading unsolicited file attachments is one of the ways to avoid these attacks. How to Recognize a...

Posted on February 26, 2018 in Ransomware

How to Fix Mac Error Code 43 When Copying Files


Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

Posted on January 30, 2019 in Computer Security


Newsbreak.com

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks.

Spams Users with a Constant Flow of Advertisements

Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked into allowing browser notifications, thinking that they will be alerted to the latest breaking news. However, this is not the case,...

Posted on February 3, 2020 in Browser Hijackers

APT Attack Spreads Malware Using Coronavirus Theme

An APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are opened, a unique and custom-made remote access Trojan is executed. It develops a list...

Posted on March 16, 2020 in Computer Security

.HOW Ransomware

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.

Propagation and Encryption

To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Posted on June 29, 2020 in Ransomware

Zeus Trojan


The Zeus Trojan is the most widespread and common banking Trojan today. There are countless variants of the Zeus Trojan, also known as Zbot and Zitmo. There are regional variants that target computers in specific areas of the world as well as mobile-specific variants designed to attack mobile operating systems such as Android or BlackBerry platforms. In all cases, the Zeus Trojan is used to steal banking information. This dangerous malware infection can be used to steal account names and numbers, banking account passwords, and credit card numbers. The Zeus Trojan can also be utilized to capture particular information that can then be used to steal a victim's identity. ESG security...

Posted on March 27, 2006 in Trojans

Top 5 Popular Cybercrimes: How You Can Easily Prevent Them

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles: the days of robbing banks in person are gone, and now it all takes place behind the screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or everyday life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet is aware of cybercrime and the consequences that they may face if they succumb to a cybercriminal's trap. Others who have no clue as to the dangers they...

Posted on October 12, 2010 in Computer Security

Search Marquis

Search Marquis is a Mac utility that disguises itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a shady browser extension that aims to alter the browser's settings without the user's knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) is to sneak stealthily into Mac computers and generate revenue for its operators. This happens through a number of intermediate redirects through various dubious domains before displaying Bing.com results. Once installed on a Mac computer, this browser hijacking tool starts to modify options in the user's browser. It sets http://www.searchmarquis.com as...

Posted on June 9, 2020 in Browser Hijackers, Mac Malware

More Articles

Cybercrooks Attack COVID-19 Vaccine Cold Chain Organizations


Although many public and business entities across the globe may already be on the verge of creating an effective COVID-19 vaccine, they also need to figure out how to deal with the logistic challenge of keeping doses at freezing conditions throughout the supply chain distribution. On top of everything else, COVID-19 cold chain developers have become subject to a new cyberattack designed to harvest login credentials for potential future benefits. The attack — a phishing email campaign currently unfolding in Western Europe, South Korea, and Taiwan — aims to strike organizations presently focused on inventing the technology that would allow COVID-19 vaccines to retain their potency...

Posted on December 4, 2020 in Computer Security


Rdebritone.space is yet another mostly empty website created just for carrying out a popular browser-based tactic. Countless websites virtually identical to Rdebritone.space have already flooded the Internet, and undoubtedly countless more will be unleashed in the future. They all operate in the exact same manner - through various manipulative and deceptive social-engineering tactics, visitors are tricked into clicking the 'Allow' button. No matter what the fake alert or error messages displayed by the tactic websites may have claimed, the truth is that clicking the button will subscribe the user to that particular website's push notification services. Rdebritone.space relies on the most common tactic among this type of misleading websites. It pretends to be conducting a bot captcha check by prominently displaying the following...

Posted on December 4, 2020 in Browser Hijackers


Tec-smartphone.com has nothing to do with either tech or smartphones, despite what its name may suggest. Instead, the website is a vehicle for conducting a popular browser-based tactic. What it aims to do is display misleading and deceptive fake alerts or error messages that all try to convince unsuspecting visitors to click the 'Allow' button. Doing so will grant the tactic website all of the browser permissions required for it to start executing its true function - the delivery of unsolicited advertisements to the affected device. The tactic chosen by Tec-smartphone.com is to pretend to be conducting a bot captcha check. It would display to its visitors an image of a confused robot accompanied by a prominently displayed message that states: 'Click Allow if you are not a robot.' Following the instruction will result in the...

Posted on December 4, 2020 in Browser Hijackers


Wizardclick.site is a deceptive website that tries to trick users into falling for a popular browser-based tactic. Countless virtually identical websites that are all dedicated to performing the same scheme are already present on the Internet. By employing various manipulative social-engineering tactics, these websites attempt to push users into clicking the 'Allow' button by using different fake pretenses. The truth is that clicking the button will subscribe the unsuspecting visitor to the specific website's push notification services. The result of this, in practice, is that the misleading website, Wizardclick.site, in this case, will be provided with all of the browser permissions it requires to start generating intrusive advertisements directly on the affected device's screen. The advertisements themselves may represent a...

Posted on December 4, 2020 in Browser Hijackers


While its name may suggest that LivePDFSearch will provide users with more convenient and easy-to-conduct PDF searches, the true purpose of the application is to act as a browser hijacker and generate artificial traffic towards its sponsored address. Users will feel the impact of having LivePDFSearch installed on their computer systems almost immediately - the application wastes no time and takes control over certain browser settings. Users will notice that the homepage, new page tab, and the default search engine are no longer what they used to be. Instead, all three of these settings will be modified to open the feed.livepdfsearch.com address, a fake search engine. As a result, whenever the browser is simply opened, or a search query is initiated, it would immediately drive traffic towards the fake engine. And...

Posted on December 4, 2020 in Potentially Unwanted Programs

Xenon Stealer

As its name suggests, Xenon Stealer is a new data stealer threat that has been discovered to be offered for purchase on underground hacker forums. The user who created Xenon Stealer's post has previously done the same for another malware threat called Zenon Clipper. According to the description, Xenon Stealer is a potent threat written in C#. It can harvest information such as passwords, cookies, browser history, autofill details, download history, maps, etc., from a wide range of Web browsers. Furthermore, it can collect sessions from desktop applications, including Discord, Telegram, Outlook, Pidgin, Dogs and Dogs+. Various system information also will be collected and transmitted to the attackers - IP address, geolocation, details about the specific computer system, etc. Clipboard contents also can be extracted and exfiltrated....

Posted on December 4, 2020 in Stealers


FickerStealer is a new infostealer threat offered as a MaaS (Malware-as-a-Service) on underground hacker forums. The threat was posted by a user going under the account name 'Ficker.' According to the post, FickerStealer is written in Rust with Assembly language. The server-side panel that any potential 'clients' can use to control the threat was created using Rust for the backend and React for the frontend. The threat is advertised as being executed entirely in memory, minimizing the traces it leaves on the targeted computer system. The creators also claim to have built the threat from scratch without any code appropriation from other malware. If the description can be believed, FickerStealer can harvest sensitive information from a wide range of sources. It can affect 40+ Web browsers by stealing passwords, credit card details,...

Posted on December 4, 2020 in Stealers

PowerPepper Malware

PowerPepper is a new backdoor malware threat observed as part of the operations of an advanced persistent threat (APT) group named DeathStalker. This particular APT is believed to be acting as a mercenary and offering its services to the highest bidder. The group was first detected in 2018 but is believed to have been established far earlier. The hackers from DeathStalker specialize mostly in carrying out espionage and data-theft campaigns targeting entities from Europe. However, DeathStalker victims from North and South America, as well as Asia, also have been identified. The group's malware toolkit consists of comparatively unsophisticated threats but exhibits high levels of efficacy. PowerPepper fits that description quite nicely. The threat is capable of potent backdoor activities as it can execute remote shell commands...

Posted on December 4, 2020 in Malware

Snake Keylogger

Snake is a keylogger program whose primary functionality is to record users' keystrokes and transmit collected data to the threat actors. An infection with Snake represents a major threat to affected users' privacy and online safety, considering that this malware can extract virtually all sorts of information – usernames, passwords, other log-in credentials, banking/credit card data. According to researchers, Snake can also exfiltrate stored information from some of the most popular Internet browsers, email clients, and messaging platforms, including Google Chrome, Opera, Mozilla Firefox, Microsoft Outlook, Foxmail and others. Furthermore, the Snake Keylogger can make screenshots and extract data from the copy/paste buffer. After compromising the victim's accounts, threat actors operating Snake could induce fraudulent financial...

Posted on December 4, 2020 in Keyloggers


Gkillegebre.space's primary goal is to run potentially harmful advertising campaigns. Its strategy includes tricking users into subscribing to browser notifications from the rogue website so that it can deliver sponsored content directly to users' computers. All pop-ups generated by Gkillegebre.space can lead to serious cybersecurity problems as they often redirect users to potentially unsafe websites that can infect their visitors with various malware threats. Furthermore, this tactic's creators could have injected corrupted scripts into their advertisements, making them capable of directly dropping malware on subscribers' devices. Gkillegebre.space exploits a simple tactic to convince users to accept its push notifications. It displays a fake CAPTCHA test for bots like the one below: 'Gkillegebre.space wants to Show notifications...

Posted on December 4, 2020 in Browser Hijackers


Global-support.space is a deceptive website created to promote online tactics and Potentially Unwanted Applications (PUA). So far, it targets iPhone users. However, the experts cannot rule out the possibility that the same tactic runs on other Apple devices as well. Global-support.space claims the user's iPhone has been infected with malware and tries to lure people into downloading and installing a particular anti-malware tool that can remove the supposed infection. Malware experts warn that no website can actually detect any threats or other issues, and the only purpose of Global-support.space is to promote untrustworthy and harmful software products. Most users land on pages like this one after clicking on random ads that contain redirecting scripts. A typical message that Global-support.space displays is that viruses have been detected...

Posted on December 3, 2020 in Mac Malware

Division Search

Division Search is a browser hijacker designed to promote the fake search engine divisionsearch.com. This Potentially Unwanted Application (PUA) affects most popular Internet browsers, and it can cause severe cybersecurity and privacy issues. Once installed on a device, Division Search undertakes some specific modifications in the browser's settings: it sets its fake search tool's URL as the new homepage, new tab address, and new default search engine. These changes mean that each time the victim launches their browser, they will be forced to visit this unsafe website. Furthermore, Division Search will redirect all user searches through divisionsearch.com. This feature ensures that the malware generates artificial traffic and advertising revenue for its creators while putting users' online safety at risk. As fake search tools like...

Posted on December 3, 2020 in Potentially Unwanted Programs

Mixture Search

Mixture Search is a rogue program that malware researchers classify as a browser hijacker. Once a device gets infected with Mixture Search, this harmful tool modifies the installed browser's settings to promote its own fake search engine, mixturesearch.com. After these unsolicited changes, the affected browser launches the malware's URL as the new homepage, new default search engine, and new tab address. Simultaneously, all user search queries are redirected through the hijacker's questionable search tool, sending users to sponsored third-party websites and generating advertising revenues for Mixture Search owners. As fake Web searchers do not have the technical ability to conduct independent searches, they present a results page through some legit search engine, like Bing or Yahoo. Researchers consider Mixture Search a Potentially...

Posted on December 3, 2020 in Potentially Unwanted Programs


The LAZPARKING Ransomware is a threatening cryptolocker capable of affecting individually targeted computer systems as well as all systems that are connected to an already compromised network. The behavior of the threat doesn't deviate significantly from what is considered to be the norm for its type. It uses strong encryption algorithms to effectively lock nearly all of the personal or business-related files stored on the infected target. It avoids tampering with any system-critical files as that may result in severe crashes, defeating the purpose of the threat. When it encrypts a file, the LAZPARKING Ransomware modifies its original filename by appending '.LAZPARKING-' followed by a string of characters specific to that particular victim. The instructions from the cybercriminals responsible for unleashing the threat are...

Posted on December 3, 2020 in Ransomware

IceRAT Malware

IceRAT is a peculiar malware strain that exhibits some rarely, or possibly never-before-seen, characteristics. The main aspect that sets this threat apart from the rest is that it is written in JPHP, a PHP implementation running on Java VM. Instead of the common Java .class files, JPHP uses .phb files. This makes a drastic difference in the detection of the threat as the number of anti-malware solutions that support .phb is extremely low. As for the capabilities of the threat, despite IceRAT literally having RAT (Remote Access Trojan) in its name, it acts as more of a backdoor malware and not one that gives the attackers remote control over the compromised system. It should be noted that being written in JPHP also created some unique challenges for the infosec researchers who tried to analyze the threat as there are no readily available...

Posted on December 3, 2020 in Malware