Trojan:Script/Phonzy.A!ml 🥺 (Phonzy Trojan)

Seeing the notification that Trojan:Script/Phonzy.A!ml was detected on your PC does not mean anything good for you. The computer is infected with a dangerous virus that targets your banking data. But don’t panic: you can remove it easily before it does any harm. In this post, you will find a description of the threat and a removal guide.
Wilbur Woodham
IT Security Expert

It is better to prevent, than repair and repent!

When we talk about the intrusion of unfamiliar programs into your computer’s work, the proverb “Forewarned is forearmed” describes the situation as accurately as possible. Gridinsoft Anti-Malware is exactly the tool that is always useful to have in your armory: fast, efficient, up-to-date. It is appropriate to use it as an emergency help at the slightest suspicion of infection.

What is the Trojan:Script/Phonzy.A!ml?

Do not panic when dealing with a malware attack. Viruses like Trojan:Script/Phonzy.A!ml do not act immediately, so you always have time to stop them.

This virus can be classified as a banking trojan. It is a specific subtype of trojan-stealer that became extremely widespread after the worldwide adoption of online banking. As you can understand from the name, this kind of trojan targets the credentials of your banking account. Every bank has its own security mechanisms, designed to prevent attempts to steal credentials from the login window. That’s why banking trojans have a lot of facilities to bypass these security layers.

The Phonzy trojan can try to get your banking credentials in different ways. For banks that do not have any anti-stealer protection on their online banking pages, the virus needs no special tricks. All it needs is to copy the credentials you typed and paste them into a separate file. Then, this file is sent to the command server. Banks that care about the security of their customers force the virus to find a workaround. Trojan:Script/Phonzy.A!ml is able to change your networking settings, as well as browser configurations. When the virus sees that the victim uses a secured banking page, it shows a phishing page instead. That trick is done through a change to the HOSTS file. When you try to open the online banking website, you will see a well-designed counterfeit. In fact, that page has only a login window and a login error popup.
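The HOSTS file change described above can be checked for directly. The following Python sketch is an added example, not part of the original guide: it parses hosts-file text and reports every entry that maps a non-local hostname to an address. The sample contents, hostnames and addresses are constructed, and the "sinkhole"/"redirect" labels are this example's own.

```python
import ipaddress
import sys

# Constructed sample of a tampered hosts file (names and addresses are illustrative).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # ad-blocking entry
203.0.113.45    onlinebanking.example.com www.onlinebanking.example.com
198.51.100.7    login.examplebank.test   # added by unknown software
not-an-ip       broken.example.org
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_number, kind, address, hostnames) for every non-default entry.

    kind is "redirect" when a hostname is pointed at a routable address (the
    pattern used to serve a counterfeit page), "sinkhole" when it is pointed
    at loopback or 0.0.0.0 (typical of blocklists), and "malformed" when the
    first field is not an IP address.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((lineno, "malformed", address, names))
            continue
        names = [n.lower() for n in names if n.lower() not in LOCAL_NAMES]
        if not names:
            continue  # only the stock localhost mapping on this line
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append((lineno, kind, str(ip), names))
    return findings


if __name__ == "__main__":
    # Pass a hosts file path as the first argument; without one the sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for lineno, kind, address, names in audit_hosts(text):
        print(f"line {lineno}: {kind:9} {address} -> {', '.join(names)}")
```

Any "redirect" entry for a banking or login hostname that you did not add yourself deserves a closer look before you sign in to that site again.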

Does your antivirus regularly report “Phonzy”?

If you saw a message showing “Trojan:Script/Phonzy.A!ml detected”, you need to hurry up and remove the threat. The virus cannot complete its task instantly; it requires some time (and your activity) to do its job. But the less time the Phonzy trojan is active, the lower the chance that you will discover your bank account robbed. Seeing the “Trojan:Script/Phonzy.A!ml” detection must be a trigger for you to scan your device with GridinSoft Anti-Malware.

The Trojan:Script/Phonzy.A!ml virus is quite unusual among trojan viruses. The word “Script” in its detection name means that it runs as a part of another program, i.e., it is embedded in an application that looks 100% legit. The ability to be embedded into a program allows this virus to be attached to literally any program: all that is needed is access to the source code.

In other words, the message “Trojan:Script/Phonzy.A!ml detected” during PC usage does not mean that this virus has completed its mission. Usually, Microsoft Defender shows you that notification when it detects suspicious activity. Because that anti-malware tool is embedded in your system, it can detect malicious activity at a very early stage. But the removal of Trojan:Script/Oneeva.a!ml is not a thing you can conduct with Defender, because of its poorly designed removal mechanism. The threat can hold up in the system for up to several weeks, and only the usage of other antivirus tools will make your system clean. That is exactly why I recommend you use GridinSoft Anti-Malware.

How to scan for malware, spyware, ransomware, adware, and other threats.

The main sign of a malware infection that you can observe on your device is a general slowdown. Malware activity can consume a lot of hardware capacity, especially if we are talking about coin miners. Banking trojans do not cause much CPU load, but can easily be spotted by other signs. The online banking websites change to some strange form: they can look like an old version, or like a student’s craft. You must not ignore these signs, because, as I have mentioned before, the efficiency of malware depends on your carelessness. Timely detection of Trojan:Script/Phonzy.A!ml is also the way to prevent the appearance of additional viruses.

Regardless of the exact signs of malware presence, you need to check your device with the proper antivirus tool. Besides the mentioned problems, Microsoft Defender also has a troublesome database update mechanism. That antivirus tool is not able to perform the update of its detections as other tools do. To apply the new detection lists, you need to install all detection database updates you missed before, and get the newest ones. During that process you need to perform several reboots. Because of such a long update cycle, MS Defender can barely provide the proper scanning power. GridinSoft Anti-Malware can detect malicious items at any moment, since its detection database is updated every hour.

How to scan your PC for Trojan:Script/Phonzy.A!ml?

Using the GridinSoft Anti-Malware, you can get rid of that virus in several clicks. However, malware creators have their own methods of counteraction. A lot of modern viruses are able to block the launching of installation files of popular anti-malware tools. GridinSoft’s program is among those tools. To prevent the virus launching, you need to reboot your system into the Safe Mode with Networking. Such a setting allows the usage of networking, but blocks the launching of all third-party software. The virus will not be able to launch and block the antivirus installation.

Reboot your PC into Safe Mode.

To launch your system in Safe Mode with Networking, open the Start menu. In that menu, press the Power icon, hold the “Shift” key and choose the Restart option.

You will see the Troubleshooting mode screen. In that Windows mode, the system allows you to choose the system recovery options. Follow the instructions you see below.

After pressing the Safe Mode button, your computer will automatically restart into that mode. After these steps, you can perform the virus removal without any doubts.

Use Gridinsoft to remove Phonzy trojan.

  • Download GridinSoft Anti-Malware by pressing the button above. Install it to proceed with the malware removal. Right after the installation, the program will offer you to start the Standard scan.
  • Standard scan takes 3-6 minutes. It checks the disk where the system keeps its files. The majority of viruses place their files on that disk.
  • After the scan is over, you can choose the action for each detected malicious item. For all dangerous viruses the default action is “Delete”. Press “Apply” to remove the viruses from your computer.

Frequently Asked Questions

🤔 How Do I Know My Windows 10 PC Has Trojan:Script/Phonzy.A!ml?

There are many ways to tell if your Windows 10 computer has been infected. Some of the warning signs include:

  • Computer is very slow.
  • Applications take too long to start.
  • Computer keeps crashing.
  • Your friends receive spam messages from you on social media.
  • You see a new extension that you did not install on your Chrome browser.
  • Internet connection is slower than usual.
  • Your computer fan starts up even when your computer is idle.
  • You are now seeing a lot of pop-up ads.
  • You receive antivirus notifications.

Take note that the symptoms above could also arise from other technical reasons. However, to be on the safe side, we suggest that you proactively check whether you do have malicious software on your computer. One way to do that is by running a malware scanner.

🤔 How to scan my PC with Microsoft Defender?

Most of the time, Microsoft Defender will neutralize threats before they ever become a problem. If this is the case, you can see past threat reports in the Windows Security app.

  1. Open Windows Settings. The easiest way is to click the start button and then the gear icon. Alternately, you can press the Windows key + i on your keyboard.
  2. Click on Update & Security
  3. From here, you can see if your PC has any updates available under the Windows Update tab. This is also where you will see definition updates for Windows Defender if they are available.
  4. Select Windows Security and then click the button at the top of the page labeled Open Windows Security.

  5. Select Virus & threat protection.
  6. Select Scan options to get started.

  7. Select the radio button (the small circle) next to Windows Defender Offline scan. Keep in mind, this option will take around 15 minutes if not more and will require your PC to restart. Be sure to save any work before proceeding.
  8. Click Scan now

If you want to save some time or your start menu isn’t working correctly, you can use Windows key + R on your keyboard to open the Run dialog box, type “windowsdefender” and then press Enter.

From the Virus & threat protection page, you can see some stats from recent scans, including the latest type of scan and if any threats were found. If there were threats, you can select the Protection history link to see recent activity.

If the guide doesn’t help you to remove the Trojan:Script/Phonzy.A!ml infection, please download the GridinSoft Anti-Malware that I recommended. Also, you can always ask me for help in the comments. Good luck!

How to Remove Trojan:Script/Phonzy.A!ml Malware

Name: Trojan:Script/Phonzy.A!ml

Description: If you have seen a message showing “Trojan:Script/Phonzy.A!ml found”, then it is a piece of excellent news! The Phonzy virus was detected and, most likely, erased. Such messages do not mean that there was a truly active Phonzy on your device. You could have simply downloaded and installed a file that contained Trojan:Script/Phonzy.A!ml, so Microsoft Defender automatically removed it before it was launched and caused trouble. Alternatively, a malicious script on an infected website could have been discovered and blocked before triggering any issues.

Operating System: Windows

Application Category: Trojan


About the author

Wilbur Woodham

I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.
