Gridinsoft Security Lab

What is Trojan:PowerShell/Malscript!MSR? Removal Guide

Trojan:PowerShell/Malscript!MSR

Stephanie Adlam | Nov 27, 2024 | 4 min read

Trojan:PowerShell/Malscript!MSR refers to a detection linked to malicious script activity. This type of malware typically exploits the system console interface…

What is Detailed analysis of Trojan:Win32/LsassDump.A?

Trojan:Win32/LsassDump.A

Stephanie Adlam | Oct 1, 2024 | 5 min read

Trojan:Win32/LsassDump.A is a detection that targets the LSASS process. Similar to other heuristic detections, it focuses on behavior rather than the file itself. Trojan:Win32/LsassDump.A Overview Trojan:Win32/LsassDump.A is a heuristic detection by Microsoft Defender, triggered by unauthorized access to the Windows LSASS process. As a heuristic detection, it flags attempts to access the process, particularly its […]

First-tl Pop-Up Notification Virus - How to Remove?

First-tl Pop-Up Virus

Stephanie Adlam | Oct 3, 2024 | 5 min read

First-tl pop-up ads are malicious push notifications (like those from Sec-tl sites) that abuse legitimate browser functionality. The fraudulent actors behind this chain of websites earn money by showing hundreds of ads this way. And those are not just regular ads: it is common to see scams and phishing sites among them. Let […]

What is PUABundler:Win32/Rostpay? Detection Explained

PUABundler:Win32/Rostpay

Stephanie Adlam | Sep 30, 2024 | 5 min read

PUABundler:Win32/Rostpay is an antivirus detection related to the software released by Rostpay LLC. Antivirus programs detect it because it contains a lot of additional unwanted programs (PUA). Although their applications are not malicious, the software that comes bundled along with them can bring unpredictable consequences. As history shows, software developers like Rostpay have already made […]

What is Altisik Service?

Altisik Service Virus Analysis & Removal

Stephanie Adlam | Sep 20, 2024 | 6 min read

Altisik Service is a malicious coin miner that usually installs and runs on the target system without the explicit consent of the PC owner. It disguises itself as a Windows service, which makes it difficult to stop or remove. Let’s have a closer look at how this malware operates and how to delete it from […]

What is Trojan:Win32/Fauppod!ml?

Trojan:Win32/Fauppod!ml

Stephanie Adlam | Sep 16, 2024 | 6 min read

Trojan:Win32/Fauppod!ml is a detection that is based on machine learning and is assigned to an unspecified threat type. Usually such threats are identified by behavior rather than signatures. Nonetheless, this exact malware detection poses a serious hazard, as it appears to flag the activity of a targeted infostealer trojan. Trojan:Win32/Fauppod!ml Overview Trojan:Win32/Fauppod!ml is a generic […]

What is Trojan:Win32/Leonem?

Trojan:Win32/Leonem

Stephanie Adlam | Sep 20, 2024 | 9 min read

Trojan:Win32/Leonem is a spyware that targets any login data on a compromised system, including saved data in browsers and email clients. It primarily spreads through malicious documents or disguised as legitimate software. Trojan:Win32/Leonem Overview Trojan:Win32/Leonem is the detection name used by Microsoft Defender to identify spyware. It’s a classic example of this malware type, which […]

JsTimer Unwanted Browser Extension Removal Instructions

JsTimer Extension Virus – Easy Removal Instructions

Stephanie Adlam | Sep 6, 2024 | 6 min read

JsTimer is a malicious browser extension detected in various browsers, predominantly targeting users through dubious websites. This extension engages in peculiar behavior by blocking access to the Chrome Web Store, which, although seemingly trivial at first, raises significant concerns when paired with other similarly distributed extensions. Malicious browser extensions are not a novel threat; however, […]

PUA:Win32/GameHack Detection Explained & Removal Guide

What is PUA:Win32/GameHack?

Stephanie Adlam | Sep 5, 2024 | 5 min read

PUA:Win32/GameHack is potentially unwanted software associated with tools used for hacking games or gaining unfair advantages over other players. This category typically includes cheats, trainers, and other software that injects itself into other processes. PUA:Win32/GameHack Overview PUA:Win32/GameHack is a generic Microsoft Defender detection for potentially unwanted programs (PUAs) associated with cheats or game hacking tools. […]

Funny Tool Redirect Unwanted Browser Extension Removal Instructions

Funny Tool Redirect Extension Virus – Easy Removal Instructions

Stephanie Adlam | Sep 6, 2024 | 6 min read

Funny Tool Redirect is a malicious browser extension that you may see installed in your browser. It spreads through dodgy websites and causes a rather unusual kind of mischief: blocking access to the Chrome Web Store. While not a big deal at first glance, its unwanted appearance, along with other extensions (like JsTimer) that spread […]

What is Win64/Reflo.HNS!MTB?

Trojan:Win64/Reflo.HNS!MTB

Stephanie Adlam | Sep 10, 2024 | 6 min read

Win64/Reflo.HNS!MTB is a detection of a malware sample that aims at stealing confidential information. It usually spreads through game mods and works as quietly as possible. That virus may belong to any malware family, as it is a behavioral detection of a specific action that it does in the system. Win64/Reflo.HNS!MTB Overview Trojan:Win64/Reflo.HNS!MTB is a […]

How to Stop Check-tl-ver Pop-Up Spam Notifications?

Check-tl-ver Pop-Up Virus

Stephanie Adlam | Sep 11, 2024 | 4 min read

Analysis shows a hike in the number of malicious pop-ups that come from Check-tl-ver websites. It is a rather common strategy of aggressive marketing that aims to spam users after forcing them to allow sending notifications from the aforementioned websites. Let’s figure out what this scam is, and how to stop Check-tl-ver pop-ups. What are […]

Trojan:PowerShell/CoinStealer.RP!MTB Virus Detection Analysis & Removal Guide

Trojan:PowerShell/CoinStealer.RP!MTB

Stephanie Adlam | Aug 29, 2024 | 6 min read

Trojan:PowerShell/CoinStealer.RP!MTB is a Microsoft Defender detection that normally flags malware that can steal cryptocurrency wallets. You may see it popping up after downloading a program from the Web or running a dodgy PowerShell script. More precisely, it collects credentials of different applications, and crypto wallets are among its primary targets. The Stealthiness of this […]