Gridinsoft Security Lab

RDPLocker Ransomware Removal Guide & File Recovery Instruction

RDPLocker Ransomware

Stephanie Adlam | Jan 3, 2025 | 5 min read

RDPLocker is a virus that encrypts files and demands a ransom payment for their decryption. It was first…

What is PUABundler:Win32/Rostpay? Detection Explained

PUABundler:Win32/Rostpay

Stephanie Adlam | Sep 30, 2024 | 5 min read

PUABundler:Win32/Rostpay is an antivirus detection related to the software released by Rostpay LLC. Antivirus programs detect it because it contains a lot of additional unwanted programs (PUA). Although their applications are not malicious, the software that comes bundled along with them can bring unpredictable consequences. As history shows, software developers like Rostpay have already made […]

What is Altisik Service?

Altisik Service Virus Analysis & Removal

Stephanie Adlam | Sep 20, 2024 | 6 min read

Altisik Service is a malicious coin miner that usually installs and runs on the target system without the explicit consent of the PC owner. It disguises itself as a Windows service, which makes it difficult to stop or remove. Let’s have a closer look at how this malware operates and how to delete it from […]

What is Trojan:Win32/Fauppod!ml?

Trojan:Win32/Fauppod!ml

Stephanie Adlam | Sep 16, 2024 | 6 min read

Trojan:Win32/Fauppod!ml is a detection that is based on machine learning and is assigned to an unspecified threat type. Usually such threats are identified by behavior rather than signatures. Nonetheless, this exact malware detection poses a serious hazard, as it appears to flag the activity of a targeted infostealer trojan. Trojan:Win32/Fauppod!ml Overview Trojan:Win32/Fauppod!ml is a generic […]

What is Trojan:Win32/Leonem?

Trojan:Win32/Leonem

Stephanie Adlam | Sep 20, 2024 | 9 min read

Trojan:Win32/Leonem is a spyware that targets any login data on a compromised system, including saved data in browsers and email clients. It primarily spreads through malicious documents or disguised as legitimate software. Trojan:Win32/Leonem Overview Trojan:Win32/Leonem is the detection name used by Microsoft Defender to identify spyware. It’s a classic example of this malware type, which […]

JsTimer Unwanted Browser Extension Removal Instructions

JsTimer Extension Virus – Easy Removal Instructions

Stephanie Adlam | Sep 6, 2024 | 6 min read

JsTimer is a malicious browser extension detected in various browsers, predominantly targeting users through dubious websites. This extension engages in peculiar behavior by blocking access to the Chrome Web Store, which, although seemingly trivial at first, raises significant concerns when paired with other similarly distributed extensions. Malicious browser extensions are not a novel threat; however, […]

PUA:Win32/GameHack Detection Explained & Removal Guide

What is PUA:Win32/GameHack?

Stephanie Adlam | Sep 5, 2024 | 5 min read

PUA:Win32/GameHack is potentially unwanted software associated with tools used for hacking games or gaining unfair advantages over other players. This category typically includes cheats, trainers, and other software that injects itself into other processes. PUA:Win32/GameHack Overview PUA:Win32/GameHack is a generic Microsoft Defender detection for potentially unwanted programs (PUAs) associated with cheats or game hacking tools. […]

Funny Tool Redirect Unwanted Browser Extension Removal Instructions

Funny Tool Redirect Extension Virus – Easy Removal Instructions

Stephanie Adlam | Sep 6, 2024 | 6 min read

Funny Tool Redirect is a malicious browser extension that you may see installed in your browser. It spreads through dodgy websites and causes a rather unusual kind of mischief: blocking access to the Chrome Web Store. While not a big deal at first glance, its unwanted appearance, along with other extensions (like JsTimer) that spread […]

What is Win64/Reflo.HNS!MTB?

Trojan:Win64/Reflo.HNS!MTB

Stephanie Adlam | Sep 10, 2024 | 6 min read

Win64/Reflo.HNS!MTB is a detection of a malware sample that aims at stealing confidential information. It usually spreads through game mods and works as quietly as possible. That virus may belong to any malware family, as it is a behavioral detection of a specific action that it does in the system. Win64/Reflo.HNS!MTB Overview Trojan:Win64/Reflo.HNS!MTB is a […]

How to Stop Check-tl-ver Pop-Up Spam Notifications?

Check-tl-ver Pop-Up Virus

Stephanie Adlam | Sep 11, 2024 | 4 min read

Analysis shows a hike in the number of malicious pop-ups that come from Check-tl-ver websites. It is a rather common strategy of aggressive marketing that aims to spam users after forcing them to allow sending notifications from the aforementioned websites. Let’s figure out what this scam is, and how to stop Check-tl-ver pop-ups. What are […]

Trojan:PowerShell/CoinStealer.RP!MTB Virus Detection Analysis & Removal Guide

Trojan:PowerShell/CoinStealer.RP!MTB

Stephanie Adlam | Aug 29, 2024 | 6 min read

Trojan:PowerShell/CoinStealer.RP!MTB is a Microsoft Defender detection that normally flags malware that can steal cryptocurrency wallets. You may see it popping up after downloading a program from the Web or running a dodgy PowerShell script. More precisely, it collects credentials of different applications, and crypto wallets are among its primary targets. The stealthiness of this […]

PUABundler:Win32/DriverPack Unwanted Program Review & Removal Guide

PUABundler:Win32/DriverPack

Stephanie Adlam | Aug 27, 2024 | 8 min read

PUABundler:Win32/DriverPack is potentially unwanted software that claims to install or update drivers. In fact, it floods the system with unwanted software and changes browser settings without the user’s consent. In this post, I will explain the dangers behind this unwanted app and show the ways to remove it from the system. PUABundler:Win32/DriverPack Overview PUABundler:Win32/DriverPack is […]

Virus Alert (05261) Scam Site Explained

Virus Alert (05261) Scam

Stephanie Adlam | Sep 5, 2024 | 8 min read

“Virus Alert (05261)” is a scam pop-up message you can see on a website that looks like a Microsoft page, but with a strange URL. It tries to convince people that their system is in trouble. As proof, it shows a banner about outdated apps, incorrect privacy settings, and more critical problems. The […]