Gridinsoft Security Lab
PUADlManager:Win32/OfferCore
PUADlManager:Win32/OfferCore is a detection of Microsoft Defender related to bundled software, specifically to a piece of code that is used to create the bundle. OfferCore itself is not a specific program or application. Instead, it is an add-on used to package multiple software components into a single installer. Such components rarely include any useful applications and usually deliver unwanted software. What is PUADlManager:Win32/OfferCore? OfferCore is a bundling tool that is used to install additional apps along with the “main” one.…
WinRing0x64.sys Process – What is It? Can I Delete?
WinRing0x64.sys is a low-level driver that is used by specific applications. The file itself is not malicious, but malware can abuse this driver. Next, we will find out who uses WinRing0x64.sys and why, and answer the question of whether it can be removed. WinRing0x64 Overview WinRing0x64.sys is a crucial software component that allows applications to gain low-level access to hardware components for system monitoring or overclocking purposes. It bypasses high-level interfaces provided by the operating system to interact directly with…
SearchHost High Memory, CPU & GPU Troubleshooting
SearchHost is a process responsible for indexing the Start menu and Explorer search files in Windows 10/11. It allows you to conveniently search for files on your computer by indexing their contents. However, this process can be spoofed by a coin miner or malware that uses its name to masquerade on your system. How to know if this process is a virus? And what should I do in the case of searchhost.exe high memory and GPU usage? Here is our…
What is Sihost.exe? Windows 10/11 Guide
Sihost.exe is a crucial background process in Windows 11/10 that governs essential features like the context menu and action center. However, it can sometimes malfunction and disrupt system stability. In this article, we unravel the essence of Sihost.exe and equip you to eliminate troubles within your system. Sihost.exe – What is It? Windows has many background processes, each of which is responsible for something. The Sihost.exe process (Shell Infrastructure Host file) is a critical executable file that executes various system…
SYSDF Ransomware (.SYSDF Files) – Malware Analysis & Removal
SYSDF is a ransomware-type program that belongs to the Dharma malware family. Such malicious software mainly targets small companies, encrypting files and then demanding a ransom payment for their decryption. It was originally discovered by Jakub Kroustek on February 16, 2024. What is SYSDF Ransomware? SYSDF ransomware is yet another example of Dharma ransomware, a malware family active since 2016. First detected on February 16, it appends its unique SYSDF extension to the files, along with…
HxTsr.exe – What is the HxTsr Process? Windows 10/11 Guide
The HxTsr.exe process is a part of the Microsoft Outlook Communications component of the Windows 10/11 operating system. This process is responsible for synchronizing mail, contacts and calendar between Outlook and other applications. Typically, it runs in the background and does not attract users’ attention at all. However, in some cases, the HxTsr.exe process may be responsible for performance, security or system stability issues. It is possible that this process is tampered with or infected with a virus that uses…
Vmmem High Memory and CPU Usage
Vmmem, short for “Virtual Machine Memory,” is a process that indicates the resource utilization by virtual machines on your system. It operates in tandem with virtual machines and remains inactive without any virtual machine activity. However, if you observe high CPU and memory consumption by the vmmem process, your virtual machine is not configured correctly. Vmmem Process Explained The Vmmem process is commonly found in Windows 10/11 or Windows Server systems with Hyper-V functionality enabled. The Windows Hypervisor…
Dwm.exe High Memory Usage – Troubleshooting Dwm Process
The dwm.exe process is an important Windows component that is responsible for the visual design of the desktop. It provides effects such as transparency, animation and window switching. However, sometimes you can encounter dwm.exe high memory usage, which leads to performance degradation of your device. Aside from this, there is a thing that people call the “dwm.exe virus”. It is in fact a malicious program which uses the name of a legitimate process to hide its activities. In this article…
Malicious Fake ChatGPT Apps: 7 AI Malware Scams to Avoid
The public release of ChatGPT made a sensation back in 2022; it is not an exaggeration to say it is a gamechanger. However, scammers go wherever large numbers of people do. Fake ChatGPT services started popping up here and there, and the trend continues to this day. So, what is a ChatGPT virus? How dangerous are they? Let’s review the most noticeable examples. Fake ChatGPT Sites: From Money Scams to Malware The wave of hype around the public…
Ov3r_Stealer Steals Crypto and Credentials, Exploits Facebook Job Ads
A new Windows malware called Ov3r_Stealer is spreading through fake Facebook job ads, according to a report by Trustwave SpiderLabs. The malware is designed to steal sensitive information and crypto wallets from unsuspecting victims. Let’s delve into the mechanics of these deceptive ads, and Ov3r_Stealer. Ov3r_Stealer Abuses Facebook Job Ads Scammers use elaborate job ads posted on Facebook. These seem legitimate at first glance and target a wide range of job seekers with the promise of lucrative opportunities. As the…
Tax Season Scams On The Rise, Beware!
Tax season has already begun, and so have tax season scams. The IRS annually lists its top tax scams to help taxpayers protect themselves. Most tax season scams involve identity theft, but there could be a lot of other consequences. Awareness of these schemes can help consumers protect themselves, and we will go into more detail about that now. Tax Season Scams Tax season began on Jan. 29, when the Internal Revenue Service (IRS) started receiving and processing 2023 federal…
Mispadu Banking Trojan Exploits SmartScreen Flaw
Recent research uncovers a new sample of Mispadu malware that uses a SmartScreen bypass flaw to integrate itself into the system. This banking trojan from 2019 uses the vulnerability discovered in late 2023 to target mainly LATAM users. Mispadu Trojan Uses SmartScreen Bypass The extensive research regarding Mispadu malware done by Unit 42, among other things, underscores the use of a critical vulnerability in Windows to circumvent SmartScreen protection. The flaw, known as CVE-2023-36025, was detected and fixed by Microsoft…