Graftor.288304 removal instruction

Graftor.288304 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Graftor.288304 virus do?

  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Graftor.288304?

File Info:

name: B7D27B7CD44AD807AFF4.mlw
path: /opt/CAPEv2/storage/binaries/5f713ff3bbb9bf7148ac0d1f553032361b4a0b977097b9e188417247d60c72f7
crc32: 519F2A58
md5: b7d27b7cd44ad807aff4f7700529da6a
sha1: ddbbf549d949e44431e1e223c1df01f3f1865033
sha256: 5f713ff3bbb9bf7148ac0d1f553032361b4a0b977097b9e188417247d60c72f7
sha512: 2e51a5c4ae75b988a45a2a4a13943b6d3088f491ffe9d748d43fe981287d142ccca0833a05c8e6d4b0cc13f308eb6accaccc118dc2b5e4eb4572cca19d6ce89b
ssdeep: 3072:KWRQ/x1lar0WUs/Pb2Etwa9RsTgT2F11bDOr/5KgB5EKC5XOS5pWO:KWWo0WUsHqEtwYyTrF11bD0HB5VC5XO5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19B141202FBF1D634C48B1E3265AF4D6EAB34D5207943475F11A58E0ABDBA20077AF29D
sha3_384: be76866523edfd54ea6330c69876f09c3e9b9d59552e95cc164fd5206251cc8b71336073c7e9814aacfac7b5fae9abc7
ep_bytes: 60be005045008dbe00c0faff5783cdff
timestamp: 2010-12-06 10:06:49

Version Info:

CompanyName: Microsoft Office Corporation
FileDescription: Microsoft effecxi IxtenXio
FileVersion: 1.3.40.2212 (rtm.13)
InternalName: effecxi.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: effecxi.exe
ProductName: Microsoft® Windows® effecxi IxtenXio
ProductVersion: 1.3.40.2212
Translation: 0x0409 0x04e4

Graftor.288304 is also known as (vendor: detection name):

Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Graftor.288304
FireEye: Gen:Variant.Graftor.288304
Skyhigh: BehavesLike.Win32.Injector.cc
McAfee: Artemis!B7D27B7CD44A
Cylance: unsafe
Zillya: Trojan.Agent.Win32.120588
CrowdStrike: win/malicious_confidence_90% (D)
Alibaba: TrojanClicker:Win32/MalwareF.c5cb781a
K7GW: Trojan ( 005376ae1 )
K7AntiVirus: Trojan ( 005376ae1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanClicker.Agent.NGR
Avast: Win32:AdwareX-gen [Adw]
ClamAV: Win.Trojan.Agent-1089015
Kaspersky: Trojan-Clicker.Win32.Agent.qsh
BitDefender: Gen:Variant.Graftor.288304
NANO-Antivirus: Trojan.Win32.Agent.czkgy
Tencent: Win32.Trojan.Agent.Kajl
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Taranis.4961
DrWeb: Trojan.DownLoad2.16934
VIPRE: Gen:Variant.Graftor.288304
Emsisoft: Gen:Variant.Graftor.288304 (B)
MAX: malware (ai score=100)
Jiangmin: TrojanClicker.Agent.cmt
Webroot: W32.Trojan.Trojan-agent.Gen
Google: Detected
Avira: TR/Taranis.4961
Varist: W32/Risk.PRCB-4230
Antiy-AVL: Trojan[Clicker]/Win32.Agent
Kingsoft: Win32.Troj.AdClicker.a
Microsoft: Trojan:Win32/Sisron
Xcitium: Suspicious@#431ywsepx4kr
Arcabit: Trojan.Graftor.D46630
ZoneAlarm: Trojan-Clicker.Win32.Agent.qsh
GData: Gen:Variant.Graftor.288304
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Agent.C69470
BitDefenderTheta: Gen:NN.ZexaF.36802.lmKfam5Mkumk
ALYac: Gen:Variant.Graftor.288304
VBA32: TrojanClicker.Agent
Panda: Trj/Genetic.gen
Rising: Trojan.Clicker-Agent!8.13 (TFE:5:f5cM7JBmTPD)
Yandex: Trojan.GenAsa!dt/MrqCK2AE
Ikarus: Trojan-Clicker.Win32.Agent
MaxSecure: Trojan.Malware.1550095.susgen
Fortinet: W32/TrojanClicker.TRQ!tr
AVG: Win32:AdwareX-gen [Adw]
DeepInstinct: MALICIOUS
alibabacloud: Trojan[stealer]:Win/Graftor

How to remove Graftor.288304?

Graftor.288304 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience working with security software contractors.