Remove “I have bad news for you” Email Bitcoin Virus (Sept. 2019 Update)

How irritating is this problem? (7 votes, average: 5.00)

This page aims to help you remove “I have bad news for you”. Our removal instructions work for every version of Windows.

Many security experts have recently been warning about a popular email bitcoin scam, which could be related to a specific type of a Trojan Horse infection, named “I have bad news for you”. Typically, such emails are just a scam and only aim to trick you. However, if you have opened and interacted with such a message, it is not excluded that its creators might have inserted malicious code that you might have triggered the moment you have clicked the message. That’s why it is a good idea to check your system for hidden malware by running a full scan with a reliable tool.

“I have bad news for you” is a very sneaky Trojan Horse infection which may get inside your system without you noticing it. Many users have recently had their computers compromised by this newly detected threat and that’s why, on this page, we decided to provide everyone that needs assistance with a reliable “I have bad news for you” removal tool and a manual removal guide. The information that you will find below contains useful steps about the correct detection and the effective elimination of this nasty Trojan as well as some general information about the malicious capabilities of the malware and its possible harmful uses. In case you are wondering how  a threat like “I have bad news for you” could have sneaked inside your PC, you should know that such an advanced form of malware can trick you in many ways. What is more, being a typical Trojan, this threat can be disguised as almost anything. According to the information that we have, the majority of the infections happen when users click on intriguing spam messages or malicious emails with harmful attachments. However, the contamination might happen even after a single click on some sketchy advert coming from a shady website or a misleading pop-up link or by visiting phishing sites or downloading compromised files and software. That’s why, even if you generally try to stay away from the typical virus transmitters (such as pirated content, free setup packages or adult sites), there is absolutely no guarantee that you won’t ever bump into a possible malicious carrier without knowing it. “I have bad news for you” may infect you instantly, the very moment you get tricked into interacting with one of its numerous infected transmitters. Luckily, since you are on this page, you most probably already know that you have been compromised and now the challenge is to safely remove the infection before it manages to cause any serious harm. The fast and effective elimination of such an advanced Trojan, however, will require your full attention and caution. That’s why we suggest you carefully study the instructions below and use the assistance of a dedicated malware removal tool for optimal results.

How bad an infection with “I have bad news for you” might be?

The reason we urge you to immediately take actions against “I have bad news for you” and remove it is because the longer it remains on the system, the greater the damage that it might cause. And, unfortunately, we cannot tell you exactly how bad the consequences of the infection could be because it is typical for the Trojan-based threats to be very versatile. They may be programmed to perform specific criminal actions one after the other, which means that they can put your computer and your personal information in great danger while causing various issues on the OS. Most new Trojans, possibly including “I have bad news for you”, may silently focus on performing actions of theft, espionage, fraud, system corruption and even virus insertion, without indicating any suspicious activity. They may steal all sorts of sensitive information from the infected computer, modify, replace or delete its data and secretly inject a Ransomware or a Spyware into the system, which can further blackmail and harass the victims. Sadly, without a reliable antivirus program which can scan the system for hidden malicious activities, it can sometimes be highly unlikely to notice and effectively remove the infection on time


Name “I have bad news for you”
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms  In some cases, unusual system issues, frequent errors and significant sluggishness may give the Trojan away.
Distribution Method  Most commonly distributed via malicious email links and attachments, phishing sites, torrents, infected ads and compromised downloads. 
Detection Tool

Remove “I have bad news for you” Email Bitcoin Virus 

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:



Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.


Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

Leave a Comment