About "Graftor.293810" infection

The Graftor.293810 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Graftor.293810 virus can do?

Executable code extraction
Creates RWX memory
Reads data out of its own binary image
Attempts to modify Internet Explorer’s start page
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Tries to unhook or modify Windows functions monitored by Cuckoo
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Graftor.293810?


File Info:
crc32: CA817FCF
md5: 8b69769dae80bbe6cd3b5c56c786934c
name: lingge2.2.exe
sha1: ac57ed477985c71f5b5e41e47198e04bc19ccd09
sha256: ffa654a51edf5c4f4c8a7bfee76580f049373908ddf5e3b0a3ffcb216020f320
sha512: a582218eb9d43ea2658655580edf62f9faddc147ae34a8bab4841262f048e9cf81e2ffb74ccbef7e53a7d5fde55c14fb3a64c13591abda556d356a693f4d0dab
ssdeep: 6144:wVJcMSOHwVEH/nau7tn0nWBE3G/4CLU2rAOVZI9e5DiVDNcToSZdZ:K2yYEvXGUUb2rAYDi5YoSnZ
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
LegalCopyright: x7396x7231x8f85x52a9x7f51xff1awww.9ifz.cc
FileVersion: 1.0.0.0
CompanyName: x7396x7231x8f85x52a9x7f51
LegalTrademarks: www.9ifz.cc
ProductName: x591ax7ebfx7a0bx641cx7d22x5173x952ex8bcdx63d0x53d6urlx53cax6d3bx8dc3IPx6bb5
ProductVersion: 1.0.0.0
FileDescription: x51ccx54e5QQxff1a1027663760
Translation: 0x0804 0x0000

Graftor.293810 also known as:

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
DrWeb	Trojan.StartPage1.57390
MicroWorld-eScan	Gen:Variant.Graftor.293810
FireEye	Gen:Variant.Graftor.293810
ALYac	Gen:Variant.Graftor.293810
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Adware ( 00506e8d1 )
BitDefender	Gen:Variant.Graftor.293810
K7GW	Adware ( 00506e8d1 )
CrowdStrike	win/malicious_confidence_70% (W)
TrendMicro	TROJ_GEN.R022C0PGD20
BitDefenderTheta	Gen:NN.ZexaF.34152.umKfauQA8deb
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 85)
Kaspersky	Trojan.Win32.Agent.xaafzz
Alibaba	Trojan:Win32/xbrgt.7b3dbf83
NANO-Antivirus	Trojan.Win32.Graftor.fqlnrh
AegisLab	Trojan.Win32.Graftor.4!c
Tencent	Win32.Trojan.Agent.Ecar
Ad-Aware	Gen:Variant.Graftor.293810
Comodo	Packed.Win32.MUPX.Gen@24tbus
F-Secure	Trojan.TR/Agent.xbrgt
Invincea	heuristic
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Agent
Jiangmin	Trojan.Agent.ceca
Avira	TR/Agent.xbrgt
Antiy-AVL	Trojan/Win32.Agent
Microsoft	Trojan:Win32/Occamy.CFF
ZoneAlarm	Trojan.Win32.Agent.xaafzz
GData	Gen:Variant.Graftor.293810
AhnLab-V3	Malware/Win32.Generic.C4046561
McAfee	RDN/Generic.cf
VBA32	BScope.Trojan.Blamon
ESET-NOD32	a variant of Win32/Packed.BlackMoon.A potentially unwanted
TrendMicro-HouseCall	TROJ_GEN.R022C0PGD20
Rising	Trojan.Agent!8.B1E (CLOUD)
Yandex	Trojan.Agent!6uN2664Am4o
SentinelOne	DFI – Malicious PE
eGambit	Trojan.Generic
Fortinet	Riskware/Application
AVG	FileRepMalware
Cybereason	malicious.dae80b
Panda	Trj/GdSda.A
Qihoo-360	HEUR/QVM18.1.4E55.Malware.Gen

How to remove Graftor.293810?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Graftor.293810” infection