Gridinsoft Security Lab

PUABundler:Win32/Rostpay is an antivirus detection related to the software released by Rostpay LLC. Antivirus programs detect it because it contains a lot of additional unwanted programs (PUA). Although their applications are not malicious, the software that comes bundled along with it can bring unpredictable consequences. As history shows software developers like Rostpay have already made a name for themselves in the digital marketplace as builders of unwanted software. But due to the pursuit of free software, users are taking risks…

Researchers uncovered a vulnerability in Apple Silicon processors, dubbed GoFetch. It allows attackers to extract secret keys from Mac computers while performing widespread cryptographic operations. Notably, it is practically impossible to patch the flaw as it stems from the microarchitecture of the processor. Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys Researchers have discovered a vulnerability in Apple’s self-made M-series processors. Under certain conditions, this vulnerability allows cryptographic information to be stolen from the processor cache. Modern computing devices…

VirTool:Win32/DefenderTamperingRestore is the name of the Microsoft Defender detection of a malicious element present in the system. Usually, it marks a thing that can weaken the system security and make the device vulnerable to malware injection. Let’s find out how dangerous this is, and how to deal with it. Threats like VirTool are often the sign of an ongoing malware attack. Threats may carry embedded code that targets security tools, as well as use a stand-alone script. The fact that…

Hellminer.exe is a process you can see in the Task Manager that indicates a malicious software activity. It stands out by the high CPU load it creates, making the system much less responsive. Let’s figure out what this process is, and how to get rid of it. Continue reading Hellminer.exe Coin Miner

Dragon Angel is a browser extension that functions as a hijacker malware. It redirects users to promoted search engines or websites. These redirects ruin the process of browsing and can lead to irrelevant or potentially harmful content or malware distribution. Dragon Angel Overview Dragon Angel is a malicious browser extension that can appear in Chrome browsers. It usually appears as a result of adware activity on the system. For example, unwanted programs like Chromstera or Chromnius after installation can offer…

The Usermode Font Driver Host process is an important part of the Windows operating system. It may raise questions among users due to its high consumption of resources such as CPU and memory. Let’s find out what this process is and whether you can do without it. What is Usermode Font Driver Host? The Usermode Font Driver Host process, as its name suggests, is responsible for handling fonts in user mode, which helps the system display text in various applications…

PUA:Win32/Vigua.A is a universal detection name used by Microsoft Defender to detect potentially unwanted applications (PUAs). This is often associated with various system optimizers that have hidden functionality in addition to their stated functions. PUA:Win32/Vigua.A Overview PUA:Win32/Vigua.A is a generic detection associated with unwanted software positioned as a system optimizer. Usually, it falls under scareware definition – an app that finds many issues in the system and requires purchasing the full software version to fix them. Alternatively, such apps offer…

Taskbarify is unwanted software that claims it is a tiny little Windows tweaker. However, it also turns the device into a proxy server without the user’s knowledge. Let me show you what is so dangerous about this utility, and how to remove it. What is Taskbarify? Taskbarify is a Windows utility classified as a Potentially Unwanted Application (PUA). As for functionality, officially, this program has one function – changing the appearance of the taskbar. Taskbarify has an “official” website, but…

Trojan:Win32/Vigorf.A is a generic detection of Microsoft Defender. This detection commonly identifies a running loader malware that may deal significant harm to the system. In this article, let’s find out how dangerous Vigorf.A is and how to get rid of it. What is Trojan:Win32/Vigorf.A? Trojan:Win32/Vigorf.A is the detection name that Microsoft Defender attributes to dropper/loader malware. This generic detection name refers to a whole range of malicious programs, rather than one specific family. The goal of Vigorf.A is unauthorizing system…

Trojan:Win32/Znyonm is a detection often seen during the backdoor malware activity in the background. Such malware can escalate privileges, enable remote access, or deploy more payloads. Let’s dive into this malicious program, understand how it works, and see how to remove it. Trojan:Win32/Znyonm Detection Overview Trojan:Win32/Znyonm is a detection associated with backdoor malware, usually the one that uses deep obfuscation and anti-analysis techniques. In particular, this detection name appears with malware like GuLoader, Remcos RAT, and Pikabot. Others can also…

Win32/Wacapew.C!ml detection refers to programs that have suspicious properties. This can be either a false positive or a detection of a program that has its properties & functions border with ones of a PUA. Let’s look into this and find out what this detection is. What is Win32/Wacapew.C!ml? Program:Win32/Wacapew.C!ml is a heuristic detection designed to detect a suspicious program. However, it is not a specific virus or malware. Microsoft Defender uses this type of detection to identify a wide range…

PUABundler:Win32/uTorrent_BundleInstaller is a Microsoft Defender detection that is associated with the installer of the once popular uTorrent client. It is detected by antiviruses because it contains a fair amount of additional software that is unwanted (PUA). Such programs can pose a security threat to your system. Let’s find out what’s wrong with it. Why is uTorrent detected as uTorrent_BundleInstaller? While being totally legitimate in its original form, uTorrent has some pitfalls to avoid. The main issue here is that it…