Graftor

By ESGI Advisor in Trojans

Threat Scorecard

Popularity Rank:	9,280
Threat Level:	80 % (High)
Infected Computers:	62,306

First Seen:	October 13, 2011
Last Seen:	December 14, 2025
OS(es) Affected:	Windows

Graftor is a Trojan, which masquerades as a genuine software application. Graftor aims at connecting to the web and contacting lots of remote servers without the victim's consent and knowledge, potentially to get instructional commands from the cybercriminal, or to distribute other malware infections. Graftor connects to a remote server without the computer user's awareness. Graftor generates an invisible folder (C:\addons) and copies itself there. Graftor generates a new directory named "Programas21". Graftor disables PC user's ability to cancel Graftor's connection to the web.

Table of Contents

SpyHunter Detects & Remove Graftor

File System Details

Graftor may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	GoogleUpdate.exe	496e0c365fe971677dbf99e62aa0208e	1,143
Name: GoogleUpdate.exe MD5: 496e0c365fe971677dbf99e62aa0208e Size: 282.62 KB (282624 bytes) Detections: 1,143 Type: Executable File Path: %PROGRAMFILES%\Google Group: Malware file Last Updated: October 29, 2019
2.	klcUpd.dll	94ddc69fced08a6ed5d735027e815ec4	1,143
Name: klcUpd.dll MD5: 94ddc69fced08a6ed5d735027e815ec4 Size: 328.19 KB (328192 bytes) Detections: 1,143 Type: Dynamic link library Path: C:\Program Files (x86)\Kilchwobigh\klcUpd.dll Group: Malware file Last Updated: October 24, 2025
3.	conhost.exe	60f7cb231a831ca5cda342020a5208ce	1,031
Name: conhost.exe MD5: 60f7cb231a831ca5cda342020a5208ce Size: 1.26 MB (1265152 bytes) Detections: 1,031 Type: Executable File Path: C:\Windows\Temp\04095\conhost.exe Group: Malware file Last Updated: June 22, 2022
4.	barosvc.exe	eeab4b288312fdb32a13f8ed0a9f9edc	344
Name: barosvc.exe MD5: eeab4b288312fdb32a13f8ed0a9f9edc Size: 98.38 KB (98382 bytes) Detections: 344 Type: Executable File Path: c:\program files\barocn\barosvc.exe Group: Malware file Last Updated: April 21, 2022
5.	service.exe	29b4d30fc9fe15bf410632820e0e2e9d	317
Name: service.exe MD5: 29b4d30fc9fe15bf410632820e0e2e9d Size: 1.73 MB (1738240 bytes) Detections: 317 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: June 4, 2016
6.	InstallAddons.exe	8565b96e6239c5b987ec8202d6be1c16	205
Name: InstallAddons.exe MD5: 8565b96e6239c5b987ec8202d6be1c16 Size: 636.41 KB (636416 bytes) Detections: 205 Type: Executable File Path: %PROGRAMFILES%\Microsoft Data Group: Malware file Last Updated: March 23, 2016
7.	IGSrv.exe	e646fc2353a29dad187ae452a0fc494a	160
Name: IGSrv.exe MD5: e646fc2353a29dad187ae452a0fc494a Size: 93.18 KB (93184 bytes) Detections: 160 Type: Executable File Path: %LOCALAPPDATA%\igs Group: Malware file Last Updated: March 19, 2016
8.	ssppsv.exe	bbddd30bdb03f2e23eceeaa443f62c5a	150
Name: ssppsv.exe MD5: bbddd30bdb03f2e23eceeaa443f62c5a Size: 167.93 KB (167936 bytes) Detections: 150 Type: Executable File Path: %APPDATA%\Microsoft\Protect Group: Malware file Last Updated: August 25, 2017
9.	/service.exe	036fde7f171d46c24f243aa8688e6e68	149
Name: /service.exe MD5: 036fde7f171d46c24f243aa8688e6e68 Size: 1.73 MB (1734656 bytes) Detections: 149 Type: Executable File Path: %ALLUSERSPROFILE%\/service.exe Group: Malware file Last Updated: December 14, 2025
10.	service72564.exe	50dd9fc789764106482cb82826b34db4	94
Name: service72564.exe MD5: 50dd9fc789764106482cb82826b34db4 Size: 1.93 MB (1936896 bytes) Detections: 94 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: October 24, 2025
11.	service90132.exe	2915096fb3ccada63b983f9c68515bc8	75
Name: service90132.exe MD5: 2915096fb3ccada63b983f9c68515bc8 Size: 1.93 MB (1936896 bytes) Detections: 75 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: March 30, 2020
12.	winupd32cfg.exe	c78924cc0e6b440b5460f04f4aaf17d1	63
Name: winupd32cfg.exe MD5: c78924cc0e6b440b5460f04f4aaf17d1 Size: 89.48 KB (89484 bytes) Detections: 63 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\959403039485030\winupd32cfg.exe Group: Malware file Last Updated: April 27, 2022
13.	ssppsvc.exe	9993e3c51b65acc306f0077ca81a1a5d	49
Name: ssppsvc.exe MD5: 9993e3c51b65acc306f0077ca81a1a5d Size: 166.91 KB (166912 bytes) Detections: 49 Type: Executable File Path: %APPDATA%\Microsoft\Protect Group: Malware file Last Updated: August 25, 2017
14.	svrupg.exe	f0c179316ccfc4ad54287fbb6e8b99bf	11
Name: svrupg.exe MD5: f0c179316ccfc4ad54287fbb6e8b99bf Size: 2.76 MB (2767872 bytes) Detections: 11 Type: Executable File Path: %WINDIR%\system32\config\systemprofile\AppData\Roaming Group: Malware file Last Updated: April 8, 2016
15.	storegidup.exe	5952f628e42aaf4ac1b8ea477c455f14	9
Name: storegidup.exe MD5: 5952f628e42aaf4ac1b8ea477c455f14 Size: 219.29 KB (219296 bytes) Detections: 9 Type: Executable File Path: %LOCALAPPDATA%\storegid Group: Malware file Last Updated: March 22, 2016
16.	20d19e546d1f3082e70434b98145cc8c.exe	26ca0dfcfde6b929d4385b6c1ba6c71f	8
Name: 20d19e546d1f3082e70434b98145cc8c.exe MD5: 26ca0dfcfde6b929d4385b6c1ba6c71f Size: 818.68 KB (818688 bytes) Detections: 8 Type: Executable File Path: %PROGRAMFILES%\22cc3ef3650630662937132a51b94f7c Group: Malware file Last Updated: October 24, 2025
17.	gAC93.tmp.exe	b7f5f8489ce01c4b11ac530f24b07555	7
Name: gAC93.tmp.exe MD5: b7f5f8489ce01c4b11ac530f24b07555 Size: 151.55 KB (151552 bytes) Detections: 7 Type: Executable File Path: C:\Windows\Temp\gAC93.tmp.exe Group: Malware file Last Updated: April 23, 2022
18.	msdtabc.exe	53371ed43ea4d4b1a3401fa3f641766e	5
Name: msdtabc.exe MD5: 53371ed43ea4d4b1a3401fa3f641766e Size: 1.3 MB (1308655 bytes) Detections: 5 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: January 18, 2023
19.	g7F7E.tmp	9ba21c15300e32df90c27c6a3d808888	5
Name: g7F7E.tmp MD5: 9ba21c15300e32df90c27c6a3d808888 Size: 1.72 MB (1721856 bytes) Detections: 5 Type: Temporary File Path: C:\Windows\Temp\g7F7E.tmp Group: Malware file Last Updated: June 3, 2022
20.	print.exe	aeefcdb175394cef5f0ffeba1b673662	3
Name: print.exe MD5: aeefcdb175394cef5f0ffeba1b673662 Size: 2.96 MB (2960896 bytes) Detections: 3 Type: Executable File Path: %WINDIR%\TEMP\is-UGUVS.tmp Group: Malware file Last Updated: March 20, 2020
21.	uninit.exe	885d05e1326569602be8cbfd2e16396c	1
Name: uninit.exe MD5: 885d05e1326569602be8cbfd2e16396c Size: 560.18 KB (560186 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\BaiduEx Group: Malware file Last Updated: March 23, 2016
22.	adv_168.exe	ae0c649f117ef89f4e82667fac584330	1
Name: adv_168.exe MD5: ae0c649f117ef89f4e82667fac584330 Size: 2.07 MB (2073088 bytes) Detections: 1 Type: Executable File Path: %TEMP%\f9626892-7a78-3199-abd2-97bbce96297b Group: Malware file Last Updated: June 1, 2016
23.	msiqljp.exe	0566e2efd6b6f189c2cf9a44ebc417de	1
Name: msiqljp.exe MD5: 0566e2efd6b6f189c2cf9a44ebc417de Size: 46.26 KB (46260 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: March 23, 2016
24.	mspop.exe	1ea9632607d8e6ba9d605bdec71a8ef6	1
Name: mspop.exe MD5: 1ea9632607d8e6ba9d605bdec71a8ef6 Size: 2.01 MB (2012672 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: March 9, 2016
25.	\arquivo.exe
Name: \arquivo.exe Type: Executable File Group: Malware file
26.	\.exe.
Name: \.exe. Group: Malware file
27.	name.exe	540f9456415ec88e2ab9f5ac635d28e7	0
Name: name.exe MD5: 540f9456415ec88e2ab9f5ac635d28e7 Size: 738.3 KB (738304 bytes) Detections: 0 Type: Executable File Path: dir Group: Malware file Last Updated: September 19, 2017
28.	file.exe	f1b35868d5525248b1b6bfefb8588e14	0
Name: file.exe MD5: f1b35868d5525248b1b6bfefb8588e14 Size: 593.92 KB (593920 bytes) Detections: 0 Type: Executable File Group: Malware file

More files

Registry Details

Graftor may create the following registry entry or registry entries:

Regexp file mask

%ALLUSERSPROFILE%\msiql.exe

%ALLUSERSPROFILE%\Windows Update\svrupg.exe

%APPDATA%\svrupg.exe

%LOCALAPPDATA%\fupdate\fupdate.exe

%LOCALAPPDATA%\vfVirtualFishnet.exe

%USERPROFILE%\Local Settings\Application Data\fupdate\fupdate.exe

HKEY..\..\..\..{RegistryKeys}

"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"http://bashcontrolilimited.tecnologiaovh.com" =

"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"http://187.109.161.62/index1.php" = "AutoConfigURL"

"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"http://fitness.poxyport.info" = AutoConfigURL"

"AutoConfigUrl"

Directories

Graftor may create the following directory or directories:

%LOCALAPPDATA%\4Adobe\4low

%PROGRAMFILES%\Kilchwobigh

%PROGRAMFILES(x86)%\Kilchwobigh

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Graftor

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Graftor

File System Details

Registry Details

Directories

Submit Comment

Related Posts

Gen:Variant.Graftor.15447

Trending

Adware.Search Safer

Adware.MediaInstaller.G

Backdoor.Bifrose.O

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen