Gridinsoft Security Lab

PUABundler:Win32/uTorrent_BundleInstaller is a Microsoft Defender detection that is associated with the installer of the once popular uTorrent client. It is detected by antiviruses because it contains a fair amount of additional software that is unwanted (PUA). Such programs can pose a security threat to your system. Let’s find out what’s wrong with it. Why is […]

WogRAT, also known as WingsOfGod RAT, is a novice remote access trojan that attacks users from Asian countries. Named after its own file – Wingsofgod.dll, this malware attacks people since late 2022, spreading through the online notepad service. What is WogRAT (WingsOfGod.dll)? WogRAT is a classic example of a remote access trojan, a backdoor-like malicious […]

PUABundler:Win32/FusionCore is a designation that Microsoft Defender Antivirus uses to detect and remove potentially unwanted programs (PUP) that are spread by bundling technology. FusionCore is not a stand-alone program, it is a piece of code that can install various unwanted elements such as adware, toolbars or browser extensions on your computer. Let me show you […]

Trojan:Script/Sabsik.fl.A!ml is a generic detection name used by Microsoft Defender. This name is particularly used to denote stealer malware that also possesses dropper capabilities. It can perform various activities of the attacker’s choice on the victim’s computer, such as spying, data theft, remote control, and installation of other viruses. In this article, we will tell […]

Backdoor:Win32/Bladabindi!ml is a generic detection name used by Microsoft Defender. It specifically refers to a backdoor malware known as njRAT, capable of hacking into and controlling victims’ computers. In which cases it is a dangerous trojan and in which cases it is a false positive detection, we will understand in this article. What is Backdoor:Win32/Bladabindi!ml? […]

PUA:Win32/PCMechanic is a detection associated with the potentially unwanted application. This pseudo system optimizer claims that the user’s system has many problems, and then offers to call the “tech support”. Let’s see why this may appear and how to remove it. What is PUA:Win32/PCMechanic? PUA:Win32/PCMechanic is a Microsoft Defender detection that indicates a PC Mechanic […]

Trojan:Script/Ulthar.A!ml is a detection of Windows Defender that identifies as a trojan. It specifically refers to a script-based malicious program. However, it can often turn out to be a false positive, and antivirus programs label harmless files as malicious. Let’s understand what this detection is and why it can be false. What is Trojan:Script/Ulthar.A!ml? Trojan:Script/Ulthar.A!ml […]

Bitfiat is a malicious coin miner that exploits your computer’s hardware to mine cryptocurrencies. Such malware takes as much resources as it can, making the system impossible to use. Let’s see what this malware is, and how to remove it. Bitfiat Overview The Bitfiat process is related to the activity of a malicious coin miner. […]

Misleading:Win32/Lodi is Microsoft Defender’s detection of potentially dangerous software. It makes misleading or deceptive claims about files, registry entries, or other items on your computer. Such programs are also known as scareware – software that tries to get you to pay money to fix non-existent problems or remove bogus viruses. In this article, I will […]

Trojan:Script/Phonzy.B!ml is a generic detection name used by Microsoft Defender. This type of malware is categorized as a loader as it mainly aims at delivering malicious payloads onto infected systems. Throughout hundreds of infection cases, Phonzy trojan was noticed to often deliver banking trojans. Trojan:Script/Phonzy.B!ml Overview Trojan:Script/Phonzy.B!ml is a generic detection name that Windows Defender […]

SYSDF is a ransomware-type program that belongs to the Dharma malware family. Such malicious software aims mainly at small companies, aiming at file encryption with further requests for ransom payment for their decryption. It was originally discovered by Jakub Kroustek on February 16, 2024. What is SYSDF Ransomware? SYSDF ransomware is a yet another example […]

Vmmem, short for “Virtual Machine Memory“, is a process that indicates the resource utilization by virtual machines on your system. It operates in tandem with virtual machines and remains inactive without any virtual machine activity. However, suppose you observe high CPU and memory consumption by the vmmem process. In that case, your virtual machine is […]