Graftor is also known as Win32.Graftor, W32/Graftor.
Graftor is a family of malicious Trojan horses that pretend to be legitimate applications. It tries to connect to the Internet and contact various servers without the user's knowledge, probably to get commands from an attacker or to download more malware.
The Graftor family includes several different types of malware; some of them even pretend to be a media player. Here's a list of things that it can do:
- Modifies autorun registry to run automatically when Windows starts
- Copies malicious executable files into its profile directory
- Installs its components in background
- Connects to a remote server without user knowledge
- Creates a hidden folder (C:\addons) and copies itself there
- Creates a new directory called "Programas21"
- Disables the user's ability to cancel Graftor's connection to the Internet
It is very important to remove Graftor from your PC. Manual removal might not delete all files of this Trojan, so it's recommended to do a full system scan with reputable anti-malware software to ensure your system's security level is high.
Graftor manual removal
Delete registry values:
Remove "http://184.108.40.206/index1.php" from registry value "AutoConfigURL" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\".
Remove "http://fitness.poxyport.info" from registry value "AutoConfigURL" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\".
Remove "http://bashcontrolilimited.tecnologiaovh.com" from registry value "AutoConfigUrl" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\".
Remove autorun entry "Microsofts" which is pointing to "<$WINDIR>\<$ENV(Win32Graftor3471_Filename)>.exe".
Remove autorun entry "sbthost" which is pointing to "<$APPDATA>\arquivo.exe".
The file at "<$APPDATA>\arquivo.exe
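A read-only check for the indicators listed above, written as an added PowerShell example that is not part of the original page. It assumes the two autorun entries sit in the standard Run keys under HKCU and HKLM, which the page does not specify, and it only reports what it finds.

```powershell
# Added example: read-only check for the Graftor indicators named on this page.
$findings = @()

# Proxy auto-config URLs the page says to remove from AutoConfigURL.
$listedPac = @(
    'http://184.108.40.206/index1.php',
    'http://fitness.poxyport.info',
    'http://bashcontrolilimited.tecnologiaovh.com'
)
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pac = (Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue).AutoConfigURL
if ($pac) {
    # Report any PAC URL for review; flag it when it starts with a listed URL.
    $hit = $listedPac | Where-Object {
        $pac.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase)
    }
    $findings += [pscustomobject]@{
        Indicator = 'AutoConfigURL'; Value = $pac; Listed = [bool]$hit
    }
}

# Autorun value names from the page. Assumption: they sit in the standard Run
# keys; the page does not say which key holds them.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'Microsofts', 'sbthost') {
        if ($props -and $props.PSObject.Properties[$name]) {
            $findings += [pscustomobject]@{
                Indicator = "Run entry '$name' in $key"
                Value     = $props.$name; Listed = $true
            }
        }
    }
}

# File-system artifacts from the page: the dropped executable and hidden folder.
foreach ($path in (Join-Path $env:APPDATA 'arquivo.exe'), 'C:\addons') {
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{
            Indicator = 'Path exists'; Value = $path; Listed = $true
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else {
    'No listed Graftor indicators found for this user.'
}
```

Run it in the affected user's session, since the AutoConfigURL value and %APPDATA% path are per-user. A PAC URL reported with Listed = False is not one of the page's three URLs but should still be confirmed as expected for the network.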
Information added: 2012-06-04 07:51
Information updated: 2012-06-04 07:51