Gridinsoft Security Lab

PUA:Win32/SBYinYing Virus Analysis

PUA:Win32/SBYinYing

Stephanie Adlam, Aug 9, 2024, 7 min read

PUA:Win32/SBYinYing is a potentially unwanted application (PUA) that is often bundled with certain cracked games. It may display ads to users or redirect them to potentially harmful websites, which puts it in the same line with adware and browser hijackers. Most often, users get infected with this malware after downloading cracked software.

PUA:Win32/SBYinYing Overview

PUA:Win32/SBYinYing is identified by Microsoft Defender as a potentially unwanted program. This detection is most commonly associated with a file named “EMP.dll”, which is typically found…

Disable Windows Defender - Windows 10/11 Guide

How to Disable Windows Defender? Windows 10 & 11 Guide

Stephanie Adlam, Aug 8, 2024, 4 min read

Disabling Microsoft Defender is something Windows users all around the world often think about. Despite undoubtedly being a solid antivirus tool, it may cause issues here and there, which is what prompts that wish. In this guide, I’ll explain how to fully disable Microsoft Defender.

How to Disable Microsoft Defender in Windows 10/Windows 11

There are two ways to disable Microsoft Defender: one is temporary, and the other is permanent. We’ll skip the temporary method since you’re probably here for the latter. Since…

Trojan:Win32/Qhosts.L Analysis & Removal Guide

Trojan:Win32/Qhosts

Stephanie Adlam, Aug 5, 2024, 6 min read

Trojan:Win32/Qhosts is malware that provides remote access to the target system and modifies the Hosts file. It is primarily distributed through illegal activation tools found on torrent and warez sites. While the modification of that system configuration file is its defining feature, it is capable of much, much more unpleasant activities.

Trojan:Win32/Qhosts Overview

Trojan:Win32/Qhosts is a Microsoft Defender detection for dropper malware or remote-access trojans. Such malware is made to provide access to an infected system and deliver a…

What is PUABundler:Win32/YandexBundled? Removal Guide

PUABundler:Win32/YandexBundled

Stephanie Adlam, Jul 31, 2024, 7 min read

PUABundler:Win32/YandexBundled is a detection of a potentially unwanted application (PUA) associated with the Russian company Yandex. It is typically distributed as bundled software with repackaged or free programs. While less dangerous than malware, it can still threaten both the privacy and normal operation of one’s computer.

What is PUABundler:Win32/YandexBundled?

PUABundler:Win32/YandexBundled is a generic detection name used by Windows Defender for potentially unwanted software from the Russian company Yandex. While Yandex and its products are legitimate (putting aside the fact that…

Docker Engine Auth Bypass Vulnerability Abuses Authentication Plugins

Docker Engine Authentication Bypass Vulnerability Exploited

Stephanie Adlam, Jul 25, 2024, 3 min read

Attackers are actively exploiting a critical vulnerability in the Docker Engine that may allow for authentication bypass in a chain attack. This vulnerability allows attackers to bypass AuthZ authorization plugins, effectively nullifying any authorization control. For this and several other reasons, the flaw received the maximum possible severity score (10.0).

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

Docker has reported a critical vulnerability in several versions of Docker Engine. This vulnerability enables threat actors…

Hamster Kombat Tap-Game Players Targeted in Malware Spreading

Hamster Kombat Players Targeted in a New Malware Spreading Scheme

Stephanie Adlam, Jul 25, 2024, 5 min read

Players of Hamster Kombat have become prime targets for scammers promoting phishing schemes aimed at those looking for easy earnings. Malicious actors steal confidential data and infect inattentive players with malware. Due to the technical aspects of Hamster Kombat, these fraudulent schemes are highly successful.

Hamster Kombat Tap-Game Players Targeted in Malware Spreading

ESET researchers have discovered a series of successful scams based on the popularity of the game Hamster Kombat. As with any potential opportunity to make easy money,…

What is Trojan:BAT/PSRunner.VS!MSR? Removal Guide

Trojan:BAT/PSRunner.VS!MSR

Stephanie Adlam, Jul 23, 2024, 5 min read

Trojan:BAT/PSRunner.VS!MSR is a detection of malware that executes malicious commands on a compromised system. It does little harm by itself and instead serves to deliver and run payloads. Aside from that, it performs some basic system reconnaissance and establishes persistence for further payloads.

Trojan:BAT/PSRunner.VS!MSR Overview

Trojan:BAT/PSRunner.VS!MSR is a type of malware detection identifier used by Microsoft Defender antivirus. This heuristic detection applies to batch files (.bat), which are scripts that can execute a series of commands in…

Jellyfish Loader Malware Overview

Jellyfish Loader Malware Discovered, Threatens 2024 Olympics

Stephanie Adlam, Jul 21, 2024, 5 min read

A new threat has been discovered in the form of a Windows shortcut that is actually a .NET-based shellcode downloader called Jellyfish Loader. It has some strange features that may indicate it is still at the development stage. Nonetheless, this malware is capable of deploying other malicious software in several ways.

Jellyfish Loader Malware Overview

Researchers from Cyble have discovered a new Jellyfish Loader threat that stands out from other threats. The malicious file appears to originate…

What is Trojan:Script/Downloader!MSR? Removal Guide

Trojan:Script/Downloader!MSR

Stephanie Adlam, Jul 17, 2024, 4 min read

Trojan:Script/Downloader!MSR is a malicious script that downloads other malware onto the target system. It is most commonly spread through illegal software and fake documents, and is capable of deploying pretty much any malicious program. Due to its complexity and use of obfuscation, the actual malicious script may remain undetected, while Defender reports a powershell.exe file as affected.

Trojan:Script/Downloader!MSR Overview

Trojan:Script/Downloader!MSR is a heuristic detection of Microsoft Defender that flags a small malware-downloading script. Unlike a full-fledged…

Trojan:Win32/Bearfoos.B!ml Malware Analysis & Removal

Trojan:Win32/Bearfoos.B!ml

Stephanie Adlam, Jul 13, 2024, 7 min read

Trojan:Win32/Bearfoos.B!ml is a Microsoft Defender detection associated with data-stealing malware. Defender assigns this name based on specific behavior patterns, even to malicious programs from well-known families. As Defender uses machine learning for this detection, it can sometimes be a false positive.

Trojan:Win32/Bearfoos.B!ml Overview

Trojan:Win32/Bearfoos.B!ml is a detection by Microsoft Defender’s AI system for infostealer malware and spyware. Typically, the malware this detection flags belongs to a broader family, but may as well…

What is Trojan:Win32/Malgent!MSR? Malware Analysis

Trojan:Win32/Malgent!MSR

Stephanie Adlam, Jul 10, 2024, 5 min read

Trojan:Win32/Malgent!MSR detection has recently become widespread on Windows systems. It usually flags a real threat, particularly a dropper or a backdoor, which aims to deliver other malware to the system. However, these detections may be false positives, with certain types of programs often being detected for no obvious reason. Despite the possibility of it being a false detection, I strongly urge you to take all the recommended precautions. It is hard to detect stealthy malicious software with your naked…

Polymorphic Virus & Metamorphic Virus

Polymorphic vs Metamorphic Virus

Stephanie Adlam, Jul 3, 2024, 4 min read

Polymorphic and Metamorphic Malware: the Comparison

In this article, we consider two types of pests: polymorphic and metamorphic viruses, which were designed to destroy the integrity of the operating system and harm the user. Before we find out what the difference between polymorphic and metamorphic viruses is, let’s figure out what a virus is in general and where it originates. A virus is a type of malware that aims to infect the victim’s device, break its integrity and distribute its copies for…