Trojan:Script/Phonzy.C!ml
Sarah Oconnell
Updated on May 04, 2026
Any malware exists with a single aim: to generate profit at your expense [1]. The programmers behind it do not think about morality; they use every tactic available. Stealing your private data, getting paid for the advertisements you are made to watch, and exploiting your CPU and GPU to mine cryptocurrencies are only part of what they do. Do you like being a riding horse? That is a rhetorical question.
What does the pop-up with Trojan:Script/Phonzy.C!ml detection mean?
The Trojan:Script/Phonzy.C!ml detection you see in the lower right corner is displayed by Microsoft Defender. That anti-malware application is quite OK at scanning, but tends to be generally unstable. It is vulnerable to malware attacks, and it has a glitchy interface and buggy malware removal features. Therefore, the pop-up that mentions Phonzy is just a notification that Defender has detected it. To remove it, you will likely need to use a separate anti-malware program.
The Trojan:Script/Phonzy.C!ml virus itself is a very undesirable thing. It gets into your system under the guise of something benign, or as part of a program you downloaded from a forum. Then it does everything it can to weaken your system. At the end of this “party”, it injects other viruses, the ones wanted by the crooks who control it. Hence, it is practically impossible to predict the effects of Phonzy's actions, and unpredictability is one of the most unpleasant things when it comes to malware. That is why it is better not to take the chance at all and not to let the malware complete its task.
Threat Summary:
| Name | Phonzy Trojan |
| Detection | Trojan:Script/Phonzy.C!ml |
| Details | Phonzy is a tool that looks legitimate but can take control of your computer. |
| Fix Tool | GridinSoft Anti-Malware: see if your system has been affected by Phonzy Trojan |
Technical details
File Info:
crc32: 5312A805
md5: 436de87b93c215c6b5e13103afdf9107
name: 436DE87B93C215C6B5E13103AFDF9107.mlw
sha1: 6505da4dea815a9d95ebcf02244b4db4e04b2230
sha256: a05eafe4b0f8a95f88768139bbc8461c4003a72fa1bac5fcf7cf124470b0d925
sha512: e3569beec1f6d4fc78acf0a63604e101dd64993ee40f7cc41ac74092d69d46a3452f14c19e7c67dfa6661d5d675f32cbb456fef77aca155550b27fe1a5cc3e28
ssdeep: 3072:0/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFSeze5jBplQ3o:3tzsb5Uh28+V1WW69B9VjMdxPedN9ug5
type: PE32+ executable (console) x86-64, for MS Windows

Version Info:
LegalCopyright: CanBus
InternalName: UserDataBackup
FileVersion: 3.0.0.0
LegalTrademarks: CanBus
ProductName: UserDataBackup
ProductVersion: 3.0.0.0
PrivateBuild: CanBus
OriginalFilename: UserDataBackup
Translation: 0x0000 0x04e4
Trojan:Script/Phonzy.C!ml also known as:
| GridinSoft | Trojan.Ransom.Gen |
| Lionic | Trojan.Win32.Cryrar.tqFl |
| Elastic | malicious (high confidence) |
| Cynet | Malicious (score: 100) |
| ALYac | Trojan.GenericKD.37347215 |
| Cylance | Unsafe |
| Zillya | Trojan.Generic.Win32.922194 |
| Alibaba | Trojan:Application/Generic.87c81b28 |
| Symantec | Trojan.Gen.2 |
| APEX | Malicious |
| Avast | Win64:Malware-gen |
| Kaspersky | Trojan-Ransom.Win32.Encoder.nkr |
| BitDefender | Trojan.GenericKD.37347215 |
| MicroWorld-eScan | Trojan.GenericKD.37347215 |
| Ad-Aware | Trojan.GenericKD.37347215 |
| Sophos | Mal/Generic-S |
| McAfee-GW-Edition | BehavesLike.Win64.Dropper.ch |
| FireEye | Generic.mg.436de87b93c215c6 |
| Emsisoft | Trojan.GenericKD.37347215 (B) |
| SentinelOne | Static AI – Suspicious PE |
| Webroot | W32.Encoder |
| Antiy-AVL | Trojan/Generic.ASMalwS.2BB2C00 |
| Microsoft | Trojan:Script/Phonzy.C!ml |
| Arcabit | Trojan.Generic.D239DF8F |
| ZoneAlarm | Trojan-Ransom.Win32.Encoder.nkr |
| GData | Trojan.GenericKD.37347215 |
| MAX | malware (ai score=81) |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | PossibleThreat.PALLAS.H |
| AVG | Win64:Malware-gen |
| Paloalto | generic.ml |
Is Trojan:Script/Phonzy.C!ml dangerous?
As I have mentioned before, harmless malware does not exist, and Trojan:Script/Phonzy.C!ml is no exception. This malware modifies system settings and alters Group Policies and the Windows registry. All of these components are vital for proper system operation, even leaving system safety aside. The malware that Phonzy contains, or that it downloads later, will squeeze the maximum revenue out of you. Cybercriminals can grab your personal data and then sell it on the black market. Using the adware and browser hijacker functionality built into the Trojan:Script/Phonzy.C!ml virus, they can profit by showing you banners. Each view gives them a penny, but 100 views per day = $1. 1000 victims who watch 100 banners per day: $1000. Easy math, but sad conclusions. It is a bad choice to be a donkey for crooks.
How did I get this virus?
It is difficult to trace the origins of malware on your computer. Nowadays things are mixed, and distribution methods used by adware 5 years ago can be used by spyware today. However, if we set aside the exact distribution method and ask why it succeeds, the answer is very simple: a low level of cybersecurity awareness. People click on promotions on weird sites, open the pop-ups they receive in their browsers, and call the “Microsoft tech support” believing that the odd banner warning about malware is true. It is very important to understand what is legitimate, to avoid mistakes when trying to identify a virus.
Microsoft tech support scam page
Nowadays, the two most common tactics for spreading malware are lure emails and injection into a hacked program. The first is not so easy to evade, since you must know a lot to recognize a counterfeit, but the second is easy to handle: just do not use hacked programs. Torrent trackers and other providers of “totally free” applications (which are actually paid, but with license checking disabled) are a real distribution point for malware. And Trojan:Script/Phonzy.C!ml is just one example.
How to remove the Trojan:Script/Phonzy.C!ml from my PC?
Trojan:Script/Phonzy.C!ml malware is very hard to erase manually. It places its files in numerous locations across the disk and can restore itself from any one of them. Moreover, the various changes to the registry, networking configuration and Group Policies are quite hard to find and revert to their initial state. It is much better to use a dedicated program, namely an anti-malware app. GridinSoft Anti-Malware will definitely fit the best for malware removal goals.
Why GridinSoft Anti-Malware? It is really lightweight and has its detection databases updated practically every hour. In addition, it does not have the bugs and weaknesses that Microsoft Defender does. The combination of these facts makes GridinSoft Anti-Malware ideal for getting rid of malware of any form.
Remove the viruses with GridinSoft Anti-Malware
- Download and install GridinSoft Anti-Malware. After the installation, you will be offered a Standard Scan. Approve this action.
- The Standard Scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
- When the scan is over, you may choose the action for each detected virus. For all Phonzy files the default option is “Delete”. Press “Apply” to finish the malware removal.
References
- Read about malware types on GridinSoft Threat encyclopedia.