Threat research notebook

Gridinsoft Security Lab

Fresh malware notes, phishing samples, scam redirects, ransomware observations, and field reports from Gridinsoft research. No gallery, no filler: date, case, finding, next read.

302 lab records

Field note ·

Trojan:Win32/Pomal!rfn Removal

Defender flagged Trojan:Win32/Pomal!rfn? Learn how to check the file path, source, signature, false-positive signs, MSERT scan,...

Field note ·

Novalock Ransomware

Novalock is a sophisticated form of malware designed to encrypt your files and then demand payment...

Field note ·

Locklocklock Ransomware

Locklocklock is a ransomware virus designed to lock your files and demand payment to restore access....

Research log

03

Brad Garlinghouse Crypto Giveaway Scam Explained

Record ·

Brad Garlinghouse Crypto Giveaway is a scam campaign that masquerades as a cryptocurrency giveaway. It falsely claimed to be organized by Ripple Foundation with...

04

Shougnoboassi.net Redirect Virus

Record ·

Shougnoboassi.net is a website that you may notice appearing in your web browser. It shows a human verification button, and upon interaction redirects the...

05

Skyjem.com

Record ·

Skyjem.com is a questionable search engine that you may see appearing in the browser for no obvious reason. Its search results are questionable and...

06

Ledger Recovery Phrase Verification Scam

Record ·

“Ledger Recovery Phrase Verification” is a scam email that targets non-vigilant users. Its goal is to trick users into writing down their recovery phrase...

08

Trojan:PowerShell/Malscript!MSR

Record ·

Trojan:PowerShell/Malscript!MSR refers to a detection linked to malicious script activity. This type of malware typically exploits the system console interface to download and run...

09

TrojanDownloader:HTML/Elshutilo

Record ·

TrojanDownloader:HTML/Elshutilo is script-based malware designed to download additional payloads onto the target system. Since detection is based on threat behavior rather than a signature,...

11

Aruba.it Email Scam

Record ·

The Aruba.it email scam is a phishing campaign using fake emails that appear to be from Aruba S.p.A., a well-known Italian company providing domain...

12

Arma dei Carabinieri Virus

Record ·

The *Arma dei Carabinieri* message is a banner that may appear on your PC, attempting to mimic notifications from Italy's national gendarmerie. Cybercriminals use...

13

Trojan:Win32/Offloader.EA!MTB

Record ·

Trojan:Win32/Offloader.EA!MTB is malware designed to establish unauthorized access to a target system or deliver a payload of additional malware. This detection is sometimes associated...

15

PUA:Win32/WebCompanion: Meaning and Removal

Record ·

PUA:Win32/WebCompanion is a Defender detection for Adaware Web Companion or related bundled installs. Remove unwanted browser and system changes.

AI Assistant

Hello! 👋 How can I help you today?