Gridinsoft Security Lab

What is PUABundler:Win32/Rostpay? Detection Explained

PUABundler:Win32/Rostpay

Stephanie Adlam, Mar 27, 2024, 5 min read

PUABundler:Win32/Rostpay is an antivirus detection related to software released by Rostpay LLC. Antivirus programs detect it because it contains…

PUA:Win32/Softcnapp Detection Analysis & Description

Stephanie Adlam, Mar 11, 2024, 3 min read

PUA:Win32/Softcnapp is a generic detection name of Microsoft Defender, assigned to an unwanted program. It sometimes appears as a false positive on legitimate apps such as the Viber desktop client or the NZXT CAM app. But is it really dangerous? Let’s find out. What is PUA:Win32/Softcnapp? PUA:Win32/Softcnapp is the name Microsoft Defender assigns to an unwanted program. It usually denotes a program with genuine functionality that nonetheless has traits that can make it unwanted. For instance, such…

WogRAT Malware (WingsOfGod.dll) - Teardown and Removal Tutorial

WingsOfGod.dll – WogRAT Malware Analysis & Removal

Stephanie Adlam, Mar 8, 2024, 4 min read

WogRAT, also known as WingsOfGod RAT, is a recently discovered remote access trojan that targets users in Asian countries. Named after its own file, WingsOfGod.dll, this malware has been active since late 2022 and spreads through an online notepad service. What is WogRAT (WingsOfGod.dll)? WogRAT is a classic example of a remote access trojan, a backdoor-like malicious program that focuses on giving the attacker remote access to the infected system. ASEC researchers were the first to detect and track the malware campaign. They additionally emphasize…

PUABundler:Win32/Fusioncore Removal Guide

PUABundler:Win32/FusionCore

Stephanie Adlam, Mar 8, 2024, 4 min read

PUABundler:Win32/FusionCore is a designation that Microsoft Defender Antivirus uses to detect and remove potentially unwanted programs (PUPs) that are spread by bundling technology. FusionCore is not a stand-alone program; it is a bundler component that can install various unwanted elements such as adware, toolbars or browser extensions on your computer. Let me show you why it is dangerous and how to remove it. What is PUABundler:Win32/FusionCore? PUABundler:Win32/FusionCore is the detection name for a tool used for bundling additional applications…

What is Werfault.exe?

Werfault.exe Error

Stephanie Adlam, Mar 7, 2024, 5 min read

Werfault.exe is a system process that collects information about program errors, which helps diagnose and resolve issues and improve the user experience. In some cases it can repeatedly crash and display an error message, and it can also be abused by malware. What is Werfault.exe? Werfault.exe is a Windows Error Reporting (WER) process. It is responsible for handling error reporting in Windows operating systems. WerFault.exe first shipped on 11/08/2006 with Windows Vista and is still present in Windows 10 and 11.…

Trojan:Script/Sabsik.fl.A!ml Removal guide

Trojan:Script/Sabsik.fl.A!ml Analysis & Removal Guide

Stephanie Adlam, Mar 7, 2024, 6 min read

Trojan:Script/Sabsik.fl.A!ml is a generic detection name used by Microsoft Defender. This name is used in particular to denote stealer malware that also possesses dropper capabilities. It can perform various activities of the attacker’s choice on the victim’s computer, such as spying, data theft, remote control and installing other malware. In this article, we will tell you how to analyze, detect and remove this trojan from your computer. What is Trojan:Script/Sabsik.fl.A!ml? Trojan:Script/Sabsik.fl.A!ml is a trojan detected by Windows Defender. This detection…

Csrss.exe Explained & Troubleshooting Guide

What is Csrss.exe Process? Troubleshooting Guide

Stephanie Adlam, Mar 5, 2024, 6 min read

Csrss.exe is an important Windows process that may sometimes consume a lot of system resources, which puzzles users. Some people may mistake it for malware and try to terminate it forcefully. So, is csrss.exe dangerous? And how do you fix the issues it creates? Let’s find out. What is Csrss.exe? Csrss.exe is a legitimate Windows process with the full name Client Server Runtime Process, and it is critical to the system. This process is present in all…
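The Werfault.exe and Csrss.exe entries above both come down to one question: is the process on this machine the genuine Windows binary, or something that borrowed its name? The following PowerShell example is added here and is not code from the original articles. It checks every running instance of a named process against two facts a practitioner would want: the image path lies under %SystemRoot%\System32, and the file carries a valid Microsoft Authenticode signature (Windows binaries are catalog-signed, which Get-AuthenticodeSignature resolves on Windows 8 and later). The function name Test-SystemProcessImage and the verdict labels are assumptions of this example; the cmdlets are standard Windows PowerShell. Run it from an elevated prompt, since the image path of protected processes such as csrss.exe is not readable otherwise.

```powershell
# Added example (not from the original articles): verify that running instances of a
# Windows system process are the genuine binaries from %SystemRoot%\System32.
# Requires an elevated PowerShell for protected processes (csrss.exe, etc.).
function Test-SystemProcessImage {
    param(
        [Parameter(Mandatory)][string]$Name   # process name without ".exe", e.g. 'werfault'
    )
    $system32 = Join-Path $env:SystemRoot 'System32'
    $procs = Get-Process -Name $Name -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Output "No running process named $Name.exe"
        return
    }
    foreach ($p in $procs) {
        # MainModule.FileName throws for protected processes when not elevated;
        # fall back to CIM, which may still return nothing without admin rights.
        $path = $null
        try { $path = $p.MainModule.FileName } catch { }
        if (-not $path) {
            $path = (Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)").ExecutablePath
        }
        $result = [ordered]@{
            PID        = $p.Id
            Path       = $path
            InSystem32 = $false
            SigStatus  = $null
            Signer     = $null
            Verdict    = 'UNKNOWN'   # stays UNKNOWN when the path could not be read
        }
        if ($path) {
            $result.InSystem32 = $path.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase)
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $result.SigStatus = $sig.Status
            $result.Signer    = $sig.SignerCertificate.Subject
            # Genuine OS binaries are signed by Microsoft; a copy dropped elsewhere, or an
            # unsigned/invalidly signed file under the same name, fails one of the two checks.
            $isMicrosoft = ($sig.Status -eq 'Valid') -and
                           ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
            $result.Verdict = if ($result.InSystem32 -and $isMicrosoft) { 'OK' } else { 'SUSPICIOUS' }
        }
        [pscustomobject]$result
    }
}

# Usage: check the two processes discussed in the entries above.
'werfault', 'csrss' | ForEach-Object { Test-SystemProcessImage -Name $_ } | Format-Table -AutoSize
```

A SUSPICIOUS verdict is a reason to look closer, not a conviction: a high-CPU werfault.exe that passes both checks is the real error reporter busy with a crashing application, while an image path under a user profile or Temp directory is the pattern the Werfault.exe entry warns about.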

What is Backdoor:Win32/Bladabindi!ml?

Backdoor:Win32/Bladabindi!ml Analysis & Removal Guide

Stephanie Adlam, Mar 5, 2024, 5 min read

Backdoor:Win32/Bladabindi!ml is a generic detection name used by Microsoft Defender. It specifically refers to a backdoor malware known as njRAT, which is capable of hacking into and controlling victims’ computers. In this article we will work out when it is a genuine trojan and when it is a false positive detection. What is Backdoor:Win32/Bladabindi!ml? Backdoor:Win32/Bladabindi!ml is the Windows Defender detection for njRAT malware, which is categorized as a backdoor. “Bladabindi” is one of many names used by antivirus companies to…

What is PUA:Win32/PCMechanic? Removal Guide

PUA:Win32/PCMechanic – PC Mechanic Plus Removal Guide

Stephanie Adlam, Mar 1, 2024, 5 min read

PUA:Win32/PCMechanic is a detection associated with a potentially unwanted application. This pseudo system optimizer claims that the user’s system has many problems, and then offers to call “tech support”. Let’s see why this may appear and how to remove it. What is PUA:Win32/PCMechanic? PUA:Win32/PCMechanic is a Microsoft Defender detection that indicates the PC Mechanic Plus program is present on the system. PC Mechanic Plus is a potentially unwanted program, more specifically a fake optimization tool. This app in fact borders…

What is Trojan:Script/Ulthar.A!ml?

Trojan:Script/Ulthar.A!ml

Stephanie Adlam, Feb 29, 2024, 5 min read

Trojan:Script/Ulthar.A!ml is a Windows Defender detection that flags a file as a trojan. It specifically refers to a script-based malicious program. However, it often turns out to be a false positive, where the antivirus labels a harmless file as malicious. Let’s understand what this detection is and why it can be false. What is Trojan:Script/Ulthar.A!ml? Trojan:Script/Ulthar.A!ml is a generic detection name assigned by Microsoft Defender to a malicious script. Such threats may belong to different malware families, but to simplify the…

rsEngineSvc.exe High CPU & Memory Usage

rsEngineSvc.exe Process: Reason Core Security Engine Service

Stephanie Adlam, Feb 28, 2024, 4 min read

rsEngineSvc.exe is an executable file associated with RAV Antivirus, a program developed by ReasonLabs. While less dangerous than malware, it may be categorized as a PUP (Potentially Unwanted Program). This kind of software is usually bundled with other free applications and installed without the user’s knowledge, or distributed through deceptive advertising. Is rsEngineSvc.exe a Virus? As I wrote above, the rsEngineSvc.exe process is part of RAV Antivirus (Reason Core Security Engine Service). It is a program from ReasonLabs and supposedly serves…

Bitfiat Coin Miner Malware - Overview & Removal Guide

Bitfiat Process High CPU – Explained & Removal Guide

Stephanie Adlam, Feb 28, 2024, 4 min read

Bitfiat is a malicious coin miner that exploits your computer’s hardware to mine cryptocurrencies. Such malware takes as many resources as it can, making the system nearly unusable. Let’s see what this malware is, and how to remove it. Bitfiat Overview The Bitfiat process is related to the activity of a malicious coin miner. Such malware uses your computer’s resources to mine cryptocurrencies, mainly Monero or DarkCoin. An unusual part about Bitfiat is its origins: it is based on…

Trojan:Script/Phonzy.B!ml Overview

Trojan:Script/Phonzy.B!ml

Stephanie Adlam, Feb 27, 2024, 6 min read

Trojan:Script/Phonzy.B!ml is a generic detection name used by Microsoft Defender. This type of malware is categorized as a loader, as it mainly aims at delivering malicious payloads onto infected systems. Across hundreds of infection cases, the Phonzy trojan has often been observed delivering banking trojans. Trojan:Script/Phonzy.B!ml Overview Trojan:Script/Phonzy.B!ml is a generic detection name that Windows Defender uses to mark small malware families. Such malicious programs may have similar behavior and code elements but belong to different groups. For functionality, Phonzy.B!ml is…
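Several entries on this page (PUA:Win32/Softcnapp, Trojan:Script/Ulthar.A!ml, Trojan:Script/Phonzy.B!ml) describe generic or machine-learning (!ml) verdicts that are sometimes false positives. Before excluding anything, a practitioner wants to know which file was flagged, whether it is still on disk, who signed it, and its hash for a lookup or a sample submission. The PowerShell example below is added here and is not code from the original articles. It uses the stock Defender cmdlets (Get-MpThreat, Get-MpThreatDetection) together with Get-AuthenticodeSignature and Get-FileHash; the function name Get-DefenderDetectionTriage is an assumption of this example, as is the "file:_<path>" form of the Resources strings, which is what Defender emits for file-based detections. Run it from an elevated prompt on a Windows 10/11 host with Microsoft Defender active.

```powershell
# Added example (not from the original articles): triage recent Microsoft Defender
# detections whose threat name matches a pattern, resolving the flagged files and
# reporting signature status and SHA-256 so a generic/!ml verdict can be checked
# before it is treated as a false positive. Requires the Defender module and admin rights.
function Get-DefenderDetectionTriage {
    param(
        [string]$NamePattern = '!ml$',   # regex matched against the threat name
        [int]$Days = 30                  # how far back to look
    )
    $since = (Get-Date).AddDays(-$Days)

    # Get-MpThreat lists threats this host has seen; build a ThreatID -> ThreatName map
    # because Get-MpThreatDetection records only the numeric ThreatID.
    $names = @{}
    Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

    Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $since -and $names[$_.ThreatID] -match $NamePattern } |
        ForEach-Object {
            $det = $_
            # Resources strings look like 'file:_C:\path\to\file.exe' (assumption noted in
            # the lead-in); non-file resources such as process or registry entries are skipped.
            foreach ($res in $det.Resources) {
                if ($res -match '^file:_(.+)$') {
                    $file = $Matches[1]
                    $sigStatus = 'FileMissing'   # already quarantined or deleted
                    $signer = $null
                    $hash = $null
                    if (Test-Path -LiteralPath $file) {
                        $sig = Get-AuthenticodeSignature -LiteralPath $file
                        $sigStatus = $sig.Status
                        $signer = $sig.SignerCertificate.Subject
                        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
                    }
                    [pscustomobject]@{
                        Detected   = $det.InitialDetectionTime
                        ThreatName = $names[$det.ThreatID]
                        File       = $file
                        SHA256     = $hash        # use for a reputation lookup or sample submission
                        SigStatus  = $sigStatus   # Valid, NotSigned, HashMismatch, FileMissing, ...
                        Signer     = $signer
                        Process    = $det.ProcessName
                    }
                }
            }
        }
}

# Usage: review the three detection families discussed on this page.
Get-DefenderDetectionTriage -NamePattern 'Softcnapp|Ulthar|Phonzy' | Format-List
```

Read the output with the PUABundler entries on this page in mind: a valid signature tells you the file is what its publisher shipped, not that it is wanted, so signed bundlers and fake optimizers still deserve the PUA label. An unsigned script or a HashMismatch on a file that claims to be a well-known client, on the other hand, argues against calling the verdict a false positive.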