HackTool:Win32/Keygen is a detection name Microsoft Defender uses when it detects keygen types of programs on the computer. Microsoft Defender is the built-in antivirus program that is present on all computers running Windows. When users download keygen programs on a computer, Defender detects them as threats, not necessarily because they’re malicious. Keygen programs generate product license keys that are necessary…
PUA Win32/Softcnapp is the detection name used by Microsoft Defender for potentially unwanted programs with adware-like characteristics. The PUA in the detection name stands for potentially unwanted program, and it’s not malware. While PUA are often very annoying, they generally do not cause direct damage to devices, which is why they’re not classified as serious threats. If your Microsoft Defender…
PUADlManager:Win32/OfferCore is a generic detection name used by anti-virus programs like Microsoft Defender to detect bundled installers. If Defender or another anti-virus program is detecting it on your computer, it means that a program you installed had some kind of junk program (adware or a browser hijacker) attached to it as an additional offer. It doesn’t necessarily mean that your…
Noodlophile is a stealer trojan that aims to extract and steal highly sensitive information from users’ computers, including stored passwords, browser information (e.g., cookies), saved payment card details, etc. It’s a very dangerous type of infection that may stay in the background to avoid detection and steal as much information as possible. The operators of this stealer trojan are taking…
P*zdec ransomware, or .p*zdec virus, is a file-encrypting malware from the GlobeImposter ransomware family. This is a serious malware infection because it encrypts files and essentially takes them hostage. This ransomware can be identified by the .p*zdec extension added to encrypted files. Unfortunately, all files users hold host important will have this extension, as they’re the ones users are usually most…
D0glun ransomware, or .@D0glun@ virus, is a file-encrypting malware. These types of infections are designed to take users’ files hostage by encrypting them and demanding a payment for their recovery. This ransomware can be identified by the .@D0glun@[original file extension] extension. The ransomware appears to be targeting Chinese-speaking users, as the ransom note is in Chinese. If the computer does…
Black (Prince) ransomware, or .black virus, is a type of malware that encrypts files. These types of infections take files hostage by encrypting them and demanding a payment for their recovery. The ransomware targets all personal files, encrypts them, and adds the .black extension to them. The ransomware operators will offer you a decryptor, though the price is not specified. Whatever…
The “Binance Airdrop” scam refers to a fake Binance airdrop hosted on claimairdrop-reflection.xyz. It goes without saying that the scam has nothing to do with Binance Holdings, the cryptocurrency exchange platform. Malicious actors are merely using the platform’s popularity to steal users’ money. The fake site invites users to claim the airdrop and asks them to connect their digital wallets. If…
The “Online Webmail Deactivation” email is part of a phishing campaign that targets users’ email login credentials. It’s a generic phishing attempt, disguised as an email from the email service provider, supposedly informing recipients that an unusual login has triggered the email account to be temporarily blocked for security reasons. Users will supposedly be unable to use their accounts unless they…
The “European Data Protection Supervisor” email is a fake email from supposedly the European Data Protection Supervisor. The email has a file attached to it that claims an investigation by Europol has been launched against the recipient, supposedly because of “potential illegal activities involving the use of computer networks”. Specifically, illegal activities involving possession and dissemination of child abuse material, and…