Herokuapp Virus

Parasite may reinstall itself multiple times if you don't delete its core files. We recommend downloading SpyHunter to scan for malicious programs installed with it. This may save you hours and cut down your time to about 15 minutes. 

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

How irritating is this problem? (3 votes, average: 5.00)


What is the Herokuapp Virus?

A lot of users have been concerned with what appears to be a Herokuapp “Virus”. In this article we’ll try to explain what Herokuapp.com actually is and why it has become a popular platform for spreading viruses. In our removal guide you’ll also discover the instructions on how to remove the actual threat installed on your computer. We’ll also touch other useful subjects, such as some advice on how to spot these kind of threats because they are able to infect your computer, as well as general advice on how to keep your PC safe.


The example Herokuapp interface

The Heroku service has nothing to do with the Herokuapp Virus!

The Heroku.com is actually a very popular and easy to use tool intended for people to create and upload their apps. A great many perfectly harmless gadgets are developed on Heroku from programmers across the globe. But then, why is the Herokuapp.com malware associated? Well, due to the nature of services it provides Heroku is allowed to host content on facebook. Additionally, everyone can make a free account on their site to develop his apps. Add these two things together and it immediately becomes apparent how Herokuapp.com malware be spread. The blame relies solely on the freeloading hackers and not on the platform itself.

The reason people mistake the Herokuapp as the Virus is because the service uses its own domain and DNS network. This means that things hosted in Heroku will always end with “.Herokuapp.com”. Note that especially if the address before this ending is gibberish it makes it look like as if Herokuapp.com is responsible for the Virus!

The Herokuapp facebook “Virus” is actually a third party malicious content that is only hosted on Heroku. Since code is regularly scanned for malicious activity there are not really Viruses either – most of the time its unwanted Adware, browser hijackers and other relatively harmless, but steal annoying to deal with programs and browser extensions. So far there has been no known attacks involving dangerous Viruses, such as ransomware, Trojan horses or the like. The most dangerous type of attack, which can be used, involves a type of online scam known as phishing. Phishing is usually done by using social engineering and not computer code. Usually this is achieved by taking the user to a cloned copy of a popular website (youtube, yahoo, etc) and make him log in to that site, stealing his account name and password in the process. Other valuable information, such as credit card and social security number can also be extracted, provided that the user doesn’t realize he’s getting scammed quickly enough.

The Herokuapp video service is a similar legitimate service, which can be hijacker for nefarious actions. Much like youtube, you can upload any kind of video you want (promotional, educational etc). The only difference between Heroku and youtube is that videos from the former could be directly shown in facebook.

How to keep your PC safe

Herokuapp.com is just one site that is allowed to host advertisements on Facebook and it is not even the biggest one. No hosting service is immune to Adware and browser hijackers and even phishing attempts. The most important thing to realize is that “There is no free lunch”. The most commonly used type of lure is some kind of free item, coupon or free participation in a lottery. Anyone who makes the mistake of falling for such a fake promise will be taken out of the safe Facebook environment and redirected to a third party site, where anything can happen.  The Herokuapp.com malware scam is just one way to do this.

Other possible (and popular) lures for the unwary include free emotes, sounds, apps or basically any other kind of boon.

Pay attention when installing software bundles

The oldest trick in the book involves grouping different programs inside one software installer. This Is not something you’ll typically see on Herokuapp, but it is something to be wary of nonetheless. Basically, when you decide to download and install some kind of programs and don’t pay attention to the installation process you may unwillingly give your consent to the installation of various (and unwanted) third part programs.

And now, for the instructions on how to remove various unwanted things installed via Heroku please proceed to our removal guide below.


Name Herokuapp
Type Various, Adware or Phishing
Danger Level Low to Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms Page redirecting from Herokuapp to someplace else, unwanted software download starting.
Distribution Method Facebook Ads, posts or shares. Heroku videos from Vimeo and other similar sites
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.


Herokuapp “Virus” Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Reveal All Hidden Files and Folders.

  • Do not skip this – The unwanted prograrm from Herokuapp may have hidden some of its files.

Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.


Hold the Start Key and R copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.



Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).


Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512 Remove unwanted additions added by Herokuapp from Internet Explorer:

Open IE, click IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove Herokuapp from Firefox:

Open Firefox, click mozilla menu ——-> Add-ons —-> Extensions.

pic 6

Find the adware/malware —> Remove.
Herokuapp from Chrome:

Close Chrome. Navigate to:

C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.

  • At this point the threat is gone from Chrome, but complete the entire guide or it may reappear on a system reboot.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are dangerous. Google them or ask us in the comments.


We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Right click on each of the problematic processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Remember to leave us a comment if you run into any trouble!

Leave a Comment