Trojan:Win32/Grymegat.B

By Domesticus in Trojans

Trojan:Win32/Grymegat.B is a Trojan that is not able to circulate by itself. Trojan:Win32/Grymegat.B may fulfill a number of actions selected by a cybercriminal on a targeted PC. When installed on the vulnerable computer system, Trojan:Win32/Grymegat.B makes system changes by downloading malevolent files and modifying the Windows Registry. Trojan:Win32/Grymegat.B makes modifications to the registry entries so that its copy can be initiated automatically whenever Windows is started. Trojan:Win32/Grymegat.B makes modifications to system security settings by disabling the LUA (Least Privileged User Account), otherwise known as the 'administrator in Admin Approval Mode' user type, by changing registry entries. Disabling the LUA permits all programs to start by default with all administrative privileges, without the computer user being encourages for explicit permission. Trojan:Win32/Grymegat.B contacts a remote host to notify about a new infection to its creator, to download and run arbitrary files (incorporating updates or other malware infections), to get configuration or other information, to receive commands from remote cybercrimianls and to upload data received from the affected PC.

Table of Contents

SpyHunter Detects & Remove Trojan:Win32/Grymegat.B

File System Details

Trojan:Win32/Grymegat.B may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	C:\Documents and Settings\\application data\system\system.exe
Name: C:\Documents and Settings\<username>\application data\system\system.exe Type: Executable File Group: Malware file
2.	C:\Documents and Settings\\application data\rt1.jpg
Name: C:\Documents and Settings\<username>\application data\rt1.jpg Group: Malware file
3.	C:\Documents and Settings\\start menu\programs\startup\iexplore.lnk
Name: C:\Documents and Settings\<username>\start menu\programs\startup\iexplore.lnk Type: Shortcut Group: Malware file
4.	file.exe	03b4bbd4b7e6f0403dc6d215d6bdc6b7	0
Name: file.exe MD5: 03b4bbd4b7e6f0403dc6d215d6bdc6b7 Size: 62.46 KB (62464 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 11, 2013
5.	file.exe	58098e72ad3fa4372115cbc15dbcd1ba	0
Name: file.exe MD5: 58098e72ad3fa4372115cbc15dbcd1ba Size: 75.77 KB (75776 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 11, 2013
6.	file.exe	0d971da1fd0295eae02638bc5278b94d	0
Name: file.exe MD5: 0d971da1fd0295eae02638bc5278b94d Size: 114.68 KB (114688 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 11, 2013

Registry Details

Trojan:Win32/Grymegat.B may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "EnableLUA" = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "explorer.exe, c:\documents and settings\administrator\application data\system\system.exe" "EnableLUA" = "0"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan:Win32/Grymegat.B

SpyHunter Detects & Remove Trojan:Win32/Grymegat.B

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen