Herokuapp Virus


What is the Herokuapp Virus?

A lot of users have been concerned with what appears to be a Herokuapp “Virus”. In this article we’ll try to explain what Herokuapp.com actually is and why it has become a popular platform for spreading viruses. In our removal guide you’ll also discover the instructions on how to remove the actual threat installed on your computer. We’ll also touch other useful subjects, such as some advice on how to spot these kind of threats because they are able to infect your computer, as well as general advice on how to keep your PC safe.

Herokuapp Virus

The example Herokuapp interface

The Heroku service has nothing to do with the Herokuapp Virus!

The Heroku.com is actually a very popular and easy to use tool intended for people to create and upload their apps. A great many perfectly harmless gadgets are developed on Heroku from programmers across the globe. But then, why is the Herokuapp.com malware associated? Well, due to the nature of services it provides Heroku is allowed to host content on facebook. Additionally, everyone can make a free account on their site to develop his apps. Add these two things together and it immediately becomes apparent how Herokuapp.com malware be spread. The blame relies solely on the freeloading hackers and not on the platform itself.

The reason people mistake the Herokuapp as the Virus is because the service uses its own domain and DNS network. This means that things hosted in Heroku will always end with “.Herokuapp.com”. Note that especially if the address before this ending is gibberish it makes it look like as if Herokuapp.com is responsible for the Virus!

The Herokuapp facebook “Virus” is actually a third party malicious content that is only hosted on Heroku. Since code is regularly scanned for malicious activity there are not really Viruses either – most of the time its unwanted Adware, browser hijackers and other relatively harmless, but steal annoying to deal with programs and browser extensions. So far there has been no known attacks involving dangerous Viruses, such as ransomware, Trojan horses or the like. The most dangerous type of attack, which can be used, involves a type of online scam known as phishing. Phishing is usually done by using social engineering and not computer code. Usually this is achieved by taking the user to a cloned copy of a popular website (youtube, yahoo, etc) and make him log in to that site, stealing his account name and password in the process. Other valuable information, such as credit card and social security number can also be extracted, provided that the user doesn’t realize he’s getting scammed quickly enough.

The Herokuapp video service is a similar legitimate service, which can be hijacker for nefarious actions. Much like youtube, you can upload any kind of video you want (promotional, educational etc). The only difference between Heroku and youtube is that videos from the former could be directly shown in facebook.

How to keep your PC safe

Herokuapp.com is just one site that is allowed to host advertisements on Facebook and it is not even the biggest one. No hosting service is immune to Adware and browser hijackers and even phishing attempts. The most important thing to realize is that “There is no free lunch”. The most commonly used type of lure is some kind of free item, coupon or free participation in a lottery. Anyone who makes the mistake of falling for such a fake promise will be taken out of the safe Facebook environment and redirected to a third party site, where anything can happen.  The Herokuapp.com malware scam is just one way to do this.

Other possible (and popular) lures for the unwary include free emotes, sounds, apps or basically any other kind of boon.

Pay attention when installing software bundles

The oldest trick in the book involves grouping different programs inside one software installer. This Is not something you’ll typically see on Herokuapp, but it is something to be wary of nonetheless. Basically, when you decide to download and install some kind of programs and don’t pay attention to the installation process you may unwillingly give your consent to the installation of various (and unwanted) third part programs.

And now, for the instructions on how to remove various unwanted things installed via Heroku please proceed to our removal guide below.


Name Herokuapp
Type Various, Adware or Phishing
Danger Level Low to Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms Page redirecting from Herokuapp to someplace else, unwanted software download starting.
Distribution Method Facebook Ads, posts or shares. Heroku videos from Vimeo and other similar sites
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.


Herokuapp “Virus” Removal


Herokuapp Virus

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Herokuapp Virus

Reveal All Hidden Files and Folders.

  • Do not skip this – The unwanted prograrm from Herokuapp may have hidden some of its files.

Hold together the Start Key and R. Type appwiz.cpl –> OK.

Herokuapp Virus

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:

Herokuapp Virus

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

Herokuapp Virus

Hold the Start Key and R copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Herokuapp Virus

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.

Herokuapp Virus

Herokuapp Virus

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).

Herokuapp Virus

Properties —–> Shortcut. In Target, remove everything after .exe.

Herokuapp Virus

Herokuapp Virus Remove unwanted additions added by Herokuapp from Internet Explorer:

Open IE, click Herokuapp Virus —–> Manage Add-ons.

Herokuapp Virus

Find the threat —> Disable. Go to Herokuapp Virus —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

Herokuapp Virus Remove Herokuapp from Firefox:

Open Firefox, click Herokuapp Virus ——-> Add-ons —-> Extensions.

Herokuapp Virus

Find the adware/malware —> Remove.
Herokuapp VirusRemove
Herokuapp from Chrome:

Close Chrome. Navigate to:

C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Herokuapp Virus

Rename it to Backup Default. Restart Chrome.

  • At this point the threat is gone from Chrome, but complete the entire guide or it may reappear on a system reboot.

Herokuapp Virus

Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are dangerous. Google them or ask us in the comments.


Right click on each of the problematic processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.

Herokuapp Virus

Herokuapp Virus

Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Remember to leave us a comment if you run into any trouble!


About the author


Violet George

Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

Leave a Comment