Graftor.878155 removal instruction

Graftor.878155 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Graftor.878155 virus do?

  • HTTPS URLs observed in behaviour
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Graftor.878155?

File Info:

name: B6D739577300B0D219CF.mlw
path: /opt/CAPEv2/storage/binaries/6282ce6e4e4b4859ff7395ccf1f0d6cb1748f35e0aae32edb331c6c5b1b6570b
crc32: FC3FB63F
md5: b6d739577300b0d219cfd2925d5d9360
sha1: 84ec891ba8612ababb88e488ee0461d820bd783e
sha256: 6282ce6e4e4b4859ff7395ccf1f0d6cb1748f35e0aae32edb331c6c5b1b6570b
sha512: 6096439a9690e0df124372afe490ff9b203c87da9c6d47cabe1e51d0aaae53611a1e7eec049c00903f2753cbb3bea7d1a73d4b029a9ceadb33baa521f2180aab
ssdeep: 6144:mXwxyq6aepxnKsW2tUtG2w+0wBlk3sOh3muQrH8V:mXwX63xnimQG2wPOS9Eug
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DB8412108B465703D439B6782656911A906A9E733D060139F7EBB023F972FD33FEB296
sha3_384: 104d30ec2f6b1408f42a76df32cdb9c1ed95e8634cade3acfb8306f69920849bd12d3fca32be26b42c38b575b4ff4833
ep_bytes: 60e80000000058055a0b00008b3003f0
timestamp: 2013-12-08 02:41:30

Version Info:

FileDescription: Podcast Install Manager
FileVersion: 7.0.2.2
InternalName: Podcast Video Player
LegalCopyright: Copyright (c) 2013, Sky92
OriginalFilename: TODO.EXE
ProductName: Podcast Video Player
ProductVersion: 7.0.2.2
Translation: 0x0409 0x04b0

Graftor.878155 is also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Blocker.j!c
  • MicroWorld-eScan: Gen:Variant.Graftor.878155
  • CAT-QuickHeal: Trojan.Kilim.H.mue
  • McAfee: Artemis!B6D739577300
  • Malwarebytes: Malware.Heuristic.1003
  • Zillya: Trojan.Blocker.Win32.20585
  • Sangfor: Downloader.Win32.Blocker.Vfb8
  • Alibaba: Ransom:Win32/Blocker.09edca3d
  • Arcabit: Trojan.Graftor.DD664B
  • Cyren: W32/Backdoor.JDTI-6334
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/TrojanDownloader.AutoHK.GR
  • Zoner: Trojan.Win32.22356
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: Trojan-Ransom.Win32.Blocker.eyfr
  • BitDefender: Gen:Variant.Graftor.878155
  • NANO-Antivirus: Trojan.Win32.Dwn.dbxmvq
  • Avast: Win32:Downloader-USN [Trj]
  • Tencent: Win32.Trojan.Blocker.Ogil
  • TACHYON: Ransom/W32.Blocker.395776
  • Emsisoft: Gen:Variant.Graftor.878155 (B)
  • F-Secure: Trojan.TR/Graftor.124384
  • DrWeb: Trojan.DownLoader11.841
  • VIPRE: Gen:Variant.Graftor.878155
  • TrendMicro: Ransom_Blocker.R002C0DIH23
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
  • Trapmine: malicious.high.ml.score
  • FireEye: Generic.mg.b6d739577300b0d2
  • Sophos: Mal/Generic-S
  • Ikarus: Trojan-Spy.Agent
  • Jiangmin: Trojan/Blocker.hmp
  • Webroot: W32.Rogue.Gen
  • Avira: TR/Graftor.124384
  • Antiy-AVL: Trojan[Ransom]/Win32.Blocker
  • Xcitium: Malware@#2yjd450go2fwm
  • Microsoft: Trojan:Win32/Kilim.D
  • ViRobot: Trojan.Win32.Z.Blocker.395776.A
  • ZoneAlarm: Trojan-Ransom.Win32.Blocker.eyfr
  • GData: Gen:Variant.Graftor.878155
  • Google: Detected
  • AhnLab-V3: Trojan/Win32.Blocker.R92199
  • ALYac: Gen:Variant.Graftor.878155
  • MAX: malware (ai score=89)
  • VBA32: TrojanDownloader.Agent
  • Cylance: unsafe
  • Panda: Trj/CI.A
  • TrendMicro-HouseCall: Ransom_Blocker.R002C0DIH23
  • Rising: Trojan.Spy.Win32.Blocker.av (CLASSIC)
  • Yandex: Trojan.Blocker!riYQImlPkes
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Blocker.EYFR!tr
  • AVG: Win32:Downloader-USN [Trj]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Graftor.878155?

Graftor.878155 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.