“Ledger Recovery Phrase Verification” is a scam email that targets non-vigilant users. Its goal is to trick users into writing down their recovery phrase on a fake Ledger website. “Ledger Recovery Phrase Verification” email scam overview The email titled “Ledger Recovery Phrase Verification” is a deceptive phishing attempt targeting cryptocurrency users, specifically those with Ledger […]
Trojan:PDF/Phish.A is a detection of a PDF file that potentially carries a malicious link or script designed to harm the system. This embedded malicious script may download additional malware onto the target system, or cause other kinds of disruptions. Let me give a quick overview of the detection and show how to remove it. What is Trojan:PDF/Phish.A detection? Trojan:PDF/Phish.A […]
Trojan:PowerShell/Malscript!MSR refers to a detection linked to malicious script activity. This type of malware typically exploits the system console interface to download and run full-fledged malicious programs. Let me quickly explain what this detection is about, and show you how to remove it. What does the Trojan:PowerShell/Malscript!MSR detection mean? Trojan:PowerShell/Malscript!MSR is a heuristic detection for […]
TrojanDownloader:HTML/Elshutilo is script-based malware designed to download additional payloads onto the target system. Since detection is based on threat behavior rather than a signature, it can sometimes result in false positives. Let me explain the meaning of the detection, all the dangers related to it, and the way to remove it from the system. TrojanDownloader:HTML/Elshutilo […]
Opera GX is a special version of the Opera browser with extra features tailored for gamers. However, malicious, weaponized versions of the browser are circulating online, transforming this legitimate browser into makeshift malware. In this post, I’ll explain how to tell the original Opera GX apart from modified versions and why these “alternative builds” […]
The Aruba.it email scam is a phishing campaign using fake emails that appear to be from Aruba S.p.A., a well-known Italian company providing domain and web hosting services. Scammers aim to deceive recipients by posing as Aruba and requesting urgent action, such as domain renewal, on a fake website that mimics the official aruba.it page. […]
The *Arma dei Carabinieri* message is a banner that may appear on your PC, attempting to mimic notifications from Italy’s national gendarmerie. Cybercriminals use its name and authority to convince users from Italy to pay a non-existent fine to unlock their computers. In this post, I will describe the principle of how this malware works […]
Trojan:Win32/Offloader.EA!MTB is malware designed to establish unauthorized access to a target system or deliver a payload of additional malware. This detection is sometimes associated with uTorrent installers, and in such cases, it is more likely a false positive. Let me describe each of these cases and explain how to remove the actual threat. Trojan:Win32/Offloader.EA!MTB Overview […]
While browsing the Web, you can at some point find yourself with an installer file for a program called UC Browser. This dubious program appears as a normal web browser, although it has some strange quirks to it. But in fact, it is a rather dangerous app that only looks like a web browser – […]
PUA:Win32/Webcompanion is a potentially unwanted program positioned as a malicious link blocker. In fact, it modifies browser settings and installs additional unwanted software and browser extensions. The program is commonly distributed as bundled or recommended software alongside freeware programs. PUA:Win32/Webcompanion Overview PUA:Win32/Webcompanion is a Microsoft Defender detection associated with a potentially unwanted program called Adaware […]
You may see a PUA:Win32/DNDownloader detection while installing certain software. This detection refers to potentially unwanted software that attempts to run unwanted apps along with the “main” installation. In this article, I explain how to remove it and show the dangers related to that threat. Detection Overview PUA:Win32/DNDownloader is a heuristic detection of […]
PUABundler:Win32/MediaGet is a Russian potentially unwanted program designed for accessing pirated content. Like most similar software, it installs some unnecessary programs onto the system during installation and also turns the device into a proxy server in exchange for an ad-free experience. MediaGet Virus Overview PUABundler:Win32/MediaGet is a detection of potentially unwanted software associated with the […]