Graftor is a family of malicious Trojan horses which pretends to be legitimate applications. It tries to connect to internet and contact various different servers without user knowledge, probably to get commands from attacker, or to download more malware.
Graftor family includes several different types of malware, some of them even pretends to be a media player. Here’s a list of things that it can do:
- Modifies autorun registry to run automatically when Windows starts
- Copies malicious executable files into its profile directory
- Installs its components in background
- Connects to a remote server without user knowledge
- Creates a hidden folder (C:\addons) and copy itself there
- Creates a new directory called "Programas21"
- Disables users ability to cancel Graftors connection to the Internet
It is very important to remove Graftor from your PC. Manual removal might not delete all files of this Trojan, so it’s recommended doing a full system scan with a reputable anti-malware software to ensure your systems security level is high.
It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
and Agreement of Use
Graftor manual removal:
Delete registry values:
Remove "http://18.104.22.168/index1.php" from registry value "AutoConfigURL" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\".
Remove "http://fitness.poxyport.info" from registry value "AutoConfigURL" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\".
Remove "http://bashcontrolilimited.tecnologiaovh.com" from registry value "AutoConfigUrl" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\".
Remove autorun entry "Microsofts" which is pointing to "<$WINDIR>\<$ENV(Win32Graftor3471_Filename)>.exe".
Remove autorun entry "sbthost" which is pointing to "<$APPDATA>\arquivo.exe".
The file at "<$APPDATA>\arquivo.exe
QR code for Graftor removal instructions:
QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.
The reason we add QR code to the website is that parasites like Graftor are really hard to remove on infected computer.
you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall Graftor right in your pocket.
Simply use the QR scanner and read removal instructions from mobile device.