Remove “I have bad news for you” Email Bitcoin Virus

This page aims to help you remove “I have bad news for you”. Our removal instructions work for every version of Windows.

A new multipurpose piece of malware has recently been reported to the professionals from “How to remove guide”. The infection goes under the name of “I have bad news for you” and is an addition to the infamous Trojan Horse family. Released by a group of anonymous hackers, “I have bad news for you” is a tool that can negatively affect your system, files and overall virtual security in a number of ways and can benefit the people who are in control through various criminal activities. The Trojan has been detected to use quite deceptive distribution and infection methods which, unfortunately, seem to be highly effective because the number of its victims has been rapidly growing ever since the infection got released. The criminals behind “I have bad news for you” may insert this infection in your system mainly when you visit websites that have been compromised or when you download and install apps and add-ons that contain the virus. Additionally, you may come across this Trojan when you interact with sketchy pages, click on malicious links and spam messages, open malicious emails and attachments or click on different ads that have been injected with the harmful payload. Unfortunately, there are no particular symptoms which can draw your attention to the infection and indicate the presence of “I have bad news for you” inside your computer. This stealthiness helps the malware get down to its dirty business immediately after it sneaks inside the machine and carry out its agenda without being interrupted.

The information that we have at this moment is not enough to tell you what exactly “I have bad news for you” may target. This means that you must be prepared for anything – from unauthorized alteration to all the PC settings including the DNS settings, the Registry Editor keys, the web browser settings, and some vital system processes, to deletion of files and folders, replacement of different data and overall disruption of the smooth and proper functioning of the infected computer. Regardless of its agenda, one thing is clear – if you want to avoid any serious damage, you should remove the Trojan immediately.

Possible harmful effects

If not removed on time, the Trojan Horse can greatly mess up your system and destroy your entire computer. One of its most malicious capabilities may be to weaken the system’s security by creating backdoors and weak points. This helps other nasty infections such as Ransomware and Rootkits to easily compromise the machine without you being able to do anything about it. What is worse, the Trojan may block some of the features of the default antivirus program and may prevent it from effectively detecting and eliminating the danger. That’s why, in order to remove “I have bad news for you” and all of its associated files completely, you may need a professional removal tool or a trusted and detailed removal guide. If you don’t know where to start, feel free to check the instructions in the removal guide above first. Our advice is to combine the steps there with the suggested removal tool to have better chances of getting rid of the infection. The manual removal process usually requires some computing expertise or else you may end up corrupting and further damaging your system by deleting something that’s not supposed to get deleted. That’s why, if you consider yourself an inexperienced computer user, it may be better to use the automatic scanner from this page to see if it could find the virus for you and assist you with its removal.

SUMMARY:

Name: “I have bad news for you”
Type: Trojan
Danger Level: High
Symptoms: “I have bad news for you” Trojan is hard to detect and aside from increased use of RAM and CPU, there would barely be any other visible red flags.
Distribution Method: Most of the time, Trojans get distributed through spam e-mails and social network messages, malicious ads, shady and pirated downloads, questionable torrents and other similar methods.

Remove “I have bad news for you” Email Bitcoin Virus

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on your PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: The Hosts file

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 


If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the virus.


4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the Task Manager instead.

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious, disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to “I have bad news for you” Ransomware. As for the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
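
A read-only way to collect what steps 3, 4 and 6 ask you to inspect by eye, so that entries can be reviewed before anything is deleted. This PowerShell script is an added example, not part of the original guide; the function names and the 7-day window are assumptions.

```powershell
# Read-only triage for steps 3, 4 and 6: lists items for review, deletes nothing.
# Added example; function names and the default 7-day window are assumptions.

function Get-HostsEntry {
    # Step 3: active hosts-file mappings other than the localhost defaults.
    param([string]$Path = "$env:WinDir\System32\drivers\etc\hosts")
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = ($line -replace '#.*$', '').Trim()        # strip comments
        if (-not $text) { continue }
        $tokens = $text -split '\s+'
        $ip     = $tokens[0]
        $names  = @($tokens | Select-Object -Skip 1)
        $other  = @($names | Where-Object { $_ -ne 'localhost' })
        $isDefault = ($ip -in @('127.0.0.1', '::1')) -and
                     ($names.Count -gt 0) -and ($other.Count -eq 0)
        if (-not $isDefault) {
            [pscustomobject]@{ Address = $ip; Names = $names -join ' ' }
        }
    }
}

function Get-StartupEntry {
    # Step 4: programs registered to start with Windows (Run keys, Startup folders).
    Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User
}

function Get-RecentItem {
    # Step 6: top-level items in the listed folders, newest first.
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    $dirs  = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:WinDir, $env:TEMP
    foreach ($dir in $dirs) {
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $since } |
            Sort-Object LastWriteTime -Descending |
            Select-Object FullName, LastWriteTime
    }
}

'--- Hosts entries beyond the localhost defaults ---'
Get-HostsEntry   | Format-Table -AutoSize
'--- Startup entries ---'
Get-StartupEntry | Format-List
'--- Items modified in the last 7 days ---'
Get-RecentItem   | Format-Table -AutoSize
```

An empty first section means the hosts file contains no active mappings besides localhost; anything listed there is what step 3 asks you to review.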

 

Author:
Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.
