
Where can I find more on Gen:Variant.Graftor.133445 (B)?



This weekend I was helping someone who uses Microsoft Security Essentials for protection on his PC. I noticed that MSE crashed each time I tried to open it and I could not see it in the tray. However, it worked fine if I logged in as a different user. So I suspected a virus (or a program incompatibility) and noticed a strange startup entry in the registry, which had a strange key name and an unusual folder location (the main folder of %APPDATA%). Sure enough, EEK confirmed that the single hidden file in that folder (which was created 3 days ago) was a virus, labeled as Gen:Variant.Graftor.133445 (B). Fortunately, EEK was able to remove it! Still, I would like to know more about this virus to decide what next steps need to be taken (changing passwords? etc.).

 

Where can I find more on Gen:Variant.Graftor.133445 (B)?

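The traits the opening post used to spot the entry (a Run key value whose target sits directly in the %APPDATA% root, is a hidden file, and was created recently) can be checked in a repeatable way. The script below is an added example written for this thread, not something posted by any participant; the 7-day "recent" window and the checked file extensions are assumptions.

```powershell
# Added example: enumerate per-user and machine-wide Run entries and flag the
# traits described in the opening post (target in %APPDATA% root, hidden, recent,
# unsigned or missing). Read-only; it changes nothing on the machine.
function Get-SuspiciousRunEntry {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    $appData = [Environment]::GetFolderPath('ApplicationData')   # %APPDATA% root
    $recentDays = 7   # assumption: how new a file must be to count as "recent"

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            $command = [string]$p.Value
            # Strip quotes and arguments; keep the image path up to its extension
            $path = if ($command -match '^\s*"?([^"]+?\.(exe|dll|scr|bat|cmd|vbs|js))') {
                [Environment]::ExpandEnvironmentVariables($Matches[1])
            } else { $command.Trim('"') }
            if ([string]::IsNullOrWhiteSpace($path)) { continue }

            $flags = @()
            if ([IO.Path]::GetDirectoryName($path) -ieq $appData) { $flags += 'in %APPDATA% root' }
            if (Test-Path -LiteralPath $path) {
                $item = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
                if ($item.Attributes -band [IO.FileAttributes]::Hidden) { $flags += 'hidden' }
                if ($item.CreationTime -gt (Get-Date).AddDays(-$recentDays)) {
                    $flags += "created $($item.CreationTime.ToString('yyyy-MM-dd'))"
                }
                $sig = Get-AuthenticodeSignature -FilePath $path
                if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
            } else {
                $flags += 'target missing'   # entry points at a file that no longer exists
            }
            [pscustomobject]@{
                Key   = $key
                Name  = $p.Name
                Path  = $path
                Flags = ($flags -join ', ')
            }
        }
    }
}

# Show every entry; anything with more than one flag deserves a closer look.
Get-SuspiciousRunEntry | Sort-Object { $_.Flags.Length } -Descending | Format-Table -AutoSize
```

Run it from the affected user's session (HKCU is per user, which is why the entry only affected one account in the thread) and compare against a known-clean machine.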

XIII,

Did you delete the file or quarantine the file?

Not sure if it would help if you have a copy of the file in quarantine. Graftor is a generic detection for a trojan. Even if you could analyze the file now, you never know what binaries were downloaded and executed by this trojan 3 days ago. Files on the malware host may change every minute.

I would never trust a machine that was infected. Clean install, change passwords and don't rely on MSE.


I deleted the file. However, it is (unfortunately) still available in the bitwise disk image I made a day earlier (I only ran HitmanPro.Alert before creating that backup).

 

I think the same about that machine as you, but it's not mine and I don't have physical access to it until next weekend.


XIII, I thought HitmanPro.Alert was a browser plugin only, not a scanner. I could be wrong though...
If there's another image from before the infection there's no need to perform a clean install.


XIII, I thought HitmanPro.Alert was a browser plugin only, not a scanner. I could be wrong though...

If there's another image from before the infection there's no need to perform a clean install.

 

Sorry, I indeed meant HitmanPro, the second opinion scanner. Guess I'm looking forward too much to the recently announced version 3 of HitmanPro.Alert, the browser plugin / EMET replacement.

 

Unfortunately there is only 1 image (1:1 sector copy on external hard disk), made the day after the infection, but the day before the detection...

 

HitmanPro did not detect anything (I routinely run that before making a backup) until I manually removed the malware startup entry in HKCU/Run.

 

It is a plugin and it offers you to run on-demand HP scan upon malware detection.

 

Yes, I (also) have had a beta version of HitmanPro.Alert running on that machine for quite a while, but it did not complain (or the owner of the PC did not notice).
