Chrome Native Messaging Backdoor Steals Session Cookies
A fake invoice campaign installed a malicious Chrome extension and Native Messaging Host to steal session cookies and run PowerShell on Windows.
Gridinsoft security desk
Security Blog
Fresh malware news, scam explainers, removal guides, browser fixes, and field notes from the Gridinsoft research team. Start with the alert, then move to the fix.
Phantom Stealer RFQ Phishing
Fortra warns that Phantom Stealer is being delivered through fake request-for-quote archives. Here is what the Windows attack…
ScreenConnect Client Scam: Remove Unexpected Remote Access
Found ScreenConnect Client or ConnectWise Control after a call, email, or fake update? Stop remote access, remove the…
Guides
View all
You May Have Viruses On After Visiting An Adult Website Scam
The You May Have Viruses On After Visiting An Adult Website warning is a fake pop-up scam, not proof that your iPhone,…
Repair desk
View all
OneBrowser Removal: OB Browser, Services, and Leftovers
Remove OneBrowser/OB Browser safely: uninstall OB, stop onebupdate or obupdate leftovers, clean AppData, tasks, registry keys, and browser data.
SocGholish Malware: Fake Update Removal Guide
SocGholish, also called FakeUpdates, uses fake browser update prompts on compromised sites. Learn what to do if you downloaded or ran the fake update.
Trojan.Malware.300983.susgen
Learn what Trojan.Malware.300983.susgen means in VirusTotal results, when it is likely a false positive, and when…
Behavior:Win32/BrowserKill.A!MTB: Meaning and Removal
Seeing Behavior:Win32/BrowserKill.A!MTB in Microsoft Defender? Learn what the alert means, what to check in cmd.exe and…
Neshta.Virus.FileInfector.DDS
Neshta.Virus.FileInfector.DDS is a file-infector alert. Learn what to check, when it may be a false positive,…
Notepad++ XML File Risk
Notepad++ 8.9.6.1 fixes config.xml and shortcuts.xml code execution flaws. Learn who is affected, how to update,…
World Cup 2026 Ticket Scam: Fake FIFA Sites to Avoid
World Cup 2026 ticket scams use fake FIFA domains, ads, and resale offers to steal payment…
Extension Keeps Returning?
If a browser extension keeps reinstalling itself, remove the source that restores it: sync, browser policy,…
VFXmed Virus Warning
Downloaded a VFXmed installer? Learn why cracked VFX software is risky, what Themida/DLL-hijack/infostealer alerts mean, and…
VectorGatewa.exe Removal
VectorGatewa.exe keeps coming back after a game download? Learn what the file means, how to remove…
Latest from every desk
Troubleshooting
Trojan:Win32/Jpgiframe.A
Defender found Trojan:Win32/Jpgiframe.A? Keep quarantine, check the affected path, scan if alerts return, and…
Troubleshooting
SecureDocs Document Delivery Email Scam: Fake PDF Login
A SecureDocs Document Delivery email can lead to a fake login page instead of…
Troubleshooting
Trojan:Win64/Tedy!MTB: Meaning and Removal Guide
Defender found Trojan:Win64/Tedy!MTB? Keep quarantine, check the affected path, scan companion files and leftovers,…
Troubleshooting
Trojan:Win32/Tecabans.ST!cl: Remove or False Positive?
Defender found Trojan:Win32/Tecabans.ST!cl? Keep quarantine, check the file path and source, then decide whether…
Troubleshooting
Ashampoo WinOptimizer PUP: Cleanup or False Positive?
Some scanners flag Ashampoo WinOptimizer-related files as PUP. Here is how to decide whether…
Troubleshooting
Firefox user.js Hijack: Stop Settings From Changing Back
Firefox settings keep changing after restart? Learn how user.js works, when it is legitimate,…
Troubleshooting
Ellinfituns.com Ads: Remove Fake Browser Notifications
Seeing Ellinfituns.com ads or fake browser notifications? Remove the site permission, check extensions and…
Troubleshooting
simplitec Power Suite Removal: PUP Cleanup Guide
Uninstall simplitec Power Suite, remove PowerSuite.exe and ServiceProvider.exe startup tasks, stop browser notification spam,…
Troubleshooting
Advanced SystemCare Ultimate Removal: Startup, Tasks, and Leftovers
A practical cleanup guide for Advanced SystemCare Ultimate leftovers: startup entries, scheduled tasks, services,…
Troubleshooting
Ckrfresh.exe: CrypKey License File or Malware?
Found Ckrfresh.exe in Windows? Learn when it belongs to CrypKey licensing, when to investigate…
Troubleshooting
ProW File Compressor: Safe or Unwanted?
ProW File Compressor can look like a normal utility, but unexpected ProWsetup.exe pop-ups or…
Troubleshooting
TrackIR.exe and OpenTrack.exe: Safe Head Tracking Files or Malware?
TrackIR.exe and OpenTrack.exe can be legitimate head-tracking files, but wrong paths, unknown startup entries,…