XIII

Where can I find more on Gen:Variant.Graftor.133445 (B)?


This weekend I was helping someone who uses Microsoft Security Essentials for protection on his PC. I noticed that MSE crashed each time I tried to open it and I could not see it in the tray. However, it worked fine if I logged in as a different user. So I suspected a virus (or program incompatibility) and noticed a strange startup entry in the registry, which had a strange key name and an unusual folder location (the main folder of %APPDATA%). Sure enough, EEK confirmed that the single hidden file in that folder (which was created 3 days ago) was a virus, labeled as Gen:Variant.Graftor.133445 (B). Fortunately, EEK was able to remove it! Still, I would like to know more about this virus to decide what next steps need to be taken (changing passwords? etc.).

 

Where can I find more on Gen:Variant.Graftor.133445 (B)?


XIII,

Did you delete the file or quarantine the file?

Not sure if it would help if you have a copy of the file in quarantine. Graftor is a generic detection for a trojan. Even if you could analyze the file now, you never know what binaries were downloaded and executed by this trojan 3 days ago. Files on the malware host may change every minute.

I would never trust a machine that was infected. Clean install, change passwords and don't rely on MSE.


I deleted the file. However, it is (unfortunately) still available in the bitwise disk image I made a day earlier (I only ran HitmanPro.Alert before creating that backup).

 

I think the same about that machine as you, but it's not mine and I don't have physical access to it until next weekend.


XIII, I thought HitmanPro.Alert was a browser plugin only, not a scanner. I could be wrong though...

If there's another image from before the infection, there's no need to perform a clean install.


Sorry, I indeed meant HitmanPro, the second-opinion scanner. Guess I'm looking forward too much to the recently announced version 3 of HitmanPro.Alert (the browser plugin / EMET replacement).

 

Unfortunately there is only 1 image (1:1 sector copy on external hard disk), made the day after the infection, but the day before the detection...

 

HitmanPro did not detect anything (I routinely run it before making a backup) until I manually removed the malware startup entry in HKCU\Run.

 

It is a plugin, and it offers to run an on-demand HitmanPro scan upon malware detection.

 

Yes, I (also) have had a beta version of HitmanPro.Alert running on that machine for quite a while, but it did not complain (or the owner of the PC did not notice).

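The manual check XIII describes above (a Run value with an odd name pointing at a hidden, recently created file in the root of %APPDATA%, which the scanners only flagged once the startup entry was gone) can be done systematically on the suspect machine before anything is deleted. The PowerShell script below is an added example written for this thread; it is not code from any poster, nor from Emsisoft, HitmanPro or Microsoft. The Run/RunOnce key paths are the standard ones; the list of "suspicious" folders, the 14-day window and the random-name heuristic are assumptions to tune. It only reports and hashes, it removes nothing, so the file is still there to hand to a vendor.

```powershell
# Added example (not from the thread): triage autostart entries in the Run/RunOnce keys
# and flag the pattern described above: a binary living directly in the root of
# %APPDATA% (or %LOCALAPPDATA% / %TEMP%), hidden, recently created, unsigned.
# Read-only: it reports, it does not delete anything. Run from an elevated prompt
# so the HKLM keys are readable. Thresholds and folder list are assumptions.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Folders where a legitimate installer almost never drops its main executable
$suspiciousRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }
$recentDays = 14   # assumption: "created in the last two weeks" is worth a look

function Get-ExecutablePath([string]$command) {
    # Strip the argument list and surrounding quotes from a Run value such as
    #   "C:\Users\x\AppData\Roaming\svc.exe" -silent
    $c = [Environment]::ExpandEnvironmentVariables($command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
    }
    # Unquoted: keep everything up to the first script/executable extension
    # (handles "C:\Program Files\vendor\tool.exe /tray" with a space in the path)
    $m = [regex]::Match($c, '^(.*?\.(exe|dll|cmd|bat|vbs|js|ps1))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($c -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # skip PSPath, PSParentPath, ...
        $exe = Get-ExecutablePath ([string]$p.Value)
        $reasons = @()
        $file = $null
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $file = Get-Item -LiteralPath $exe -Force      # -Force so hidden files are returned
            $parent = $file.DirectoryName.TrimEnd('\').ToLowerInvariant()
            if ($suspiciousRoots -contains $parent) {
                $reasons += 'binary sits in the root of APPDATA/LOCALAPPDATA/TEMP'
            }
            if (($file.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) {
                $reasons += 'hidden attribute set'
            }
            if ($file.CreationTime -gt (Get-Date).AddDays(-$recentDays)) {
                $reasons += "created $($file.CreationTime.ToString('yyyy-MM-dd'))"
            }
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
        } else {
            $reasons += 'target file not found (already removed, or path could not be parsed)'
        }
        # Value names that look machine-generated are another weak signal
        if ($p.Name -match '^[0-9a-f]{8,}$' -or $p.Name -match '^\{?[0-9a-f-]{32,}\}?$') {
            $reasons += 'random-looking value name'
        }

        [pscustomobject]@{
            Key     = $key
            Name    = $p.Name
            Command = $p.Value
            Exe     = $exe
            SHA256  = if ($file) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash } else { $null }
            Reasons = ($reasons -join '; ')
        }
    }
}

# Every entry is listed; the ones with the most reasons float to the top
$findings | Sort-Object { $_.Reasons.Length } -Descending | Format-List
```

Run it on the live machine (or point the paths at the mounted sector image) before removing anything: the SHA256 it prints is what a vendor's support or a multi-engine scanner would want, and an entry whose target is already gone is itself a hint that something was removed. A sane Run key typically lists a few signed vendor binaries under Program Files; anything hidden, unsigned and living directly in the AppData root deserves the look XIII gave it.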


You should ask the Bitdefender forum or Bitdefender customer care, as this threat is named under the Bitdefender engine... they of course must know the name of that malware.
