Any malware exists with the only target – gain money on you¹. And the programmers of these things are not thinking about morality – they use all available methods. Grabbing your private data, getting the comission for the banners you watch for them, utilizing your PC to mine cryptocurrencies – that is not the full list of what they do. Do you like to be a riding steed? That is a rhetorical question.

What does the pop-up with Trojan:PDF/Phish!rfn detection mean?

The Trojan:PDF/Phish!rfn detection you can see in the lower right side is shown to you by Microsoft Defender. That anti-malware program is quite OK at scanning, but prone to be mainly unstable. It is vulnerable to malware attacks, it has a glitchy interface and problematic malware removal features. Hence, the pop-up which states about the Phish is simply a notification that Defender has spotted it. To remove it, you will likely need to use another anti-malware program.

Microsoft Defender: “Trojan:PDF/Phish!rfn”

The exact Trojan:PDF/Phish!rfn infection is a really undesirable thing. It is present inside of your computer under the guise of something normal, or as a part of the tool you have got on a forum. After that, it makes all possible steps to weaken your system. At the end of this “party”, it injects other malicious things – ones which are wanted by crooks who manage this virus. Hence, it is almost impossible to predict the effects from Phish actions. And the unpredictability is one of the baddest things when it comes to malware. That’s why it is rather not to choose at all, and don’t let the malware to complete its task.

Threat Summary:

Is Trojan:PDF/Phish!rfn dangerous?

As I have specified before, non-harmful malware does not exist. And Trojan:PDF/Phish!rfn is not an exclusion. This malware alters the system configurations, alters the Group Policies and registry. All of these elements are critical for correct system functioning, even when we are not talking about PC safety. Therefore, the virus which Phish carries, or which it will inject later, will try to get maximum profit from you. Cybercriminals can steal your personal data, and then push it at the black market. Using adware and browser hijacker functionality, built in Trojan:PDF/Phish!rfn virus, they can make profit by showing you the advertisements. Each view gives them a penny, but 100 views per day = $1. 1000 victims who watch 100 banners per day – $1000. Easy math, but sad conclusions. It is a bad choice to be a donkey for crooks.

How did I get this virus?

It is not easy to line the sources of malware on your computer. Nowadays, things are mixed, and spreading tactics chosen by adware 5 years ago can be used by spyware these days. However, if we abstract from the exact distribution method and will think about why it works, the answer will be very basic – low level of cybersecurity understanding. People click on promotions on odd websites, click the pop-ups they get in their web browsers, call the “Microsoft tech support” thinking that the weird banner that says about malware is true. It is important to recognize what is legit – to prevent misconceptions when trying to determine a virus.

Microsoft tech support scam page

Nowadays, there are two of the most widespread methods of malware spreading – bait e-mails and injection into a hacked program. While the first one is not so easy to evade – you must know a lot to understand a counterfeit – the 2nd one is simple to solve: just don’t use cracked apps. Torrent-trackers and other sources of “free” applications (which are, in fact, paid, but with a disabled license checking) are really a giveaway place of malware. And Trojan:PDF/Phish!rfn is just within them.

How to remove the Trojan:PDF/Phish!rfn from my PC?

Trojan:PDF/Phish!rfn malware is very difficult to eliminate by hand. It places its documents in multiple places throughout the disk, and can recover itself from one of the elements. Additionally, numerous changes in the registry, networking settings and Group Policies are fairly hard to find and return to the initial. It is better to use a specific tool – exactly, an anti-malware app. GridinSoft Anti-Malware will definitely fit the best for virus removal goals.

Why GridinSoft Anti-Malware? It is really light-weight and has its databases updated almost every hour. In addition, it does not have such problems and exposures as Microsoft Defender does. The combination of these details makes GridinSoft Anti-Malware suitable for removing malware of any type.

Remove the viruses with GridinSoft Anti-Malware

• Download and install GridinSoft Anti-Malware. After the installation, you will be offered to perform the Standard Scan. Approve this action.
• Standard scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
• When the scan is over, you may choose the action for each detected virus. For all files of Phish the default option is “Delete”. Press “Apply” to finish the malware removal.

References

1. Read about malware types on GridinSoft Threat encyclopedia.