Trojan:Win32/Grymegat.A is a ransomware Trojan that locks a compromised PC and displays a web page containing a fraudulent full-screen image and warning message that covers the desktop. The bogus alert claims to come from a law-enforcement agency, such as the Federal Bureau of Investigation (FBI), and accuses the victim of downloading and distributing illegal files. Trojan:Win32/Grymegat.A then demands that the user pay a "fine" via Green Dot MoneyPak to regain access to the locked PC. No law-enforcement agency collects fines through prepaid cards; the message is a social-engineering lure, not a legal notice.

Trojan:Win32/Grymegat.A may make system changes to the compromised PC that make it difficult for the victim to download, install, run, or update security tools. During installation it downloads additional malicious files and modifies the registry. It creates registry entries (listed under Registry Details below) that load its copy automatically whenever Windows starts. Trojan:Win32/Grymegat.A also bypasses Windows Firewall so that it can connect to a remote host: it adds its own executable to the firewall's list of authorized applications, the same list that legitimate software uses to obtain an exception. Finally, it terminates several Windows system processes if they are running on the compromised PC.

File System Details

Trojan:Win32/Grymegat.A may create the following file(s):
#   File Name                            MD5                               Detections
1.  %SystemDrive%\recycler\find_me.tmp   -                                 -
2.  file.exe                             2b6ffa9e8099933a2f61b2cf2f8704bd  0
3.  file.exe                             003269da2732b6132acd9bc21f55bb2b  0

Registry Details

Trojan:Win32/Grymegat.A may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "explorer.exe, %APPDATA%\System\winlogon.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Update" = "%APPDATA%\System\winlogon.exe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "%APPDATA%\System\winlogon.exe" = "%APPDATA%\System\winlogon.exe:*:enabled:winlogon.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Update" = "%APPDATA%\System\winlogon.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "Update" = "%APPDATA%\System\winlogon.exe"
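The following triage script is an added example and is not part of the original page or of any vendor tool. It checks a live Windows host for the persistence entries, firewall exception and dropped files described above: the Winlogon Shell value, the four Run keys, the firewall AuthorizedApplications list (and the FirewallRules key that Vista and later use instead), the %APPDATA%\System\winlogon.exe drop and the recycler marker file. The function name Find-GrymegatIndicators, the helper Get-MatchingValue and the regex that also accepts the expanded forms of %APPDATA% are assumptions of this example; the paths and the two MD5 hashes are the ones listed on this page.

```powershell
# Added triage script, not part of the original page. Checks a live Windows host
# for the persistence entries, firewall exclusion and dropped files listed above.
# Run from an elevated PowerShell (4.0+ for Get-FileHash). Only the current
# user's HKCU hive is inspected; load other users' NTUSER.DAT to cover them.

# Path pattern and MD5s come from the page; the regex (an assumption of this
# example) also accepts the expanded forms of %APPDATA% on Vista+ and on XP.
$script:DropPattern = '(?i)(%APPDATA%|\\AppData\\Roaming|\\Application Data)\\System\\winlogon\.exe'
$script:KnownMd5    = @('2b6ffa9e8099933a2f61b2cf2f8704bd', '003269da2732b6132acd9bc21f55bb2b')
$script:MetaProps   = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Return "key\name = data" for every value under $Key whose data matches the
# dropped-file pattern. Returns nothing when the key does not exist.
function Get-MatchingValue {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $props = Get-ItemProperty -LiteralPath $Key
    foreach ($p in $props.PSObject.Properties) {
        if ($script:MetaProps -contains $p.Name) { continue }   # skip provider metadata
        if ([string]$p.Value -match $script:DropPattern) {
            "$Key\$($p.Name) = $($p.Value)"
        }
    }
}

function Find-GrymegatIndicators {
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # 1. Winlogon Shell must be exactly "explorer.exe"; a second, comma-separated
    #    entry is an extra shell that Winlogon starts at every logon.
    $shell = (Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' `
                -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -ne 'explorer.exe') {
        $findings.Add("Winlogon Shell tampered: '$shell'")
    }

    # 2. Autorun keys in both hives, including the Policies\Explorer\Run keys,
    #    which are easy to overlook when only the plain Run keys are reviewed.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    )
    foreach ($key in $runKeys) {
        foreach ($hit in Get-MatchingValue $key) { $findings.Add("Autorun persistence: $hit") }
    }

    # 3. Firewall exceptions. The page shows ControlSet001; CurrentControlSet is
    #    the live alias. XP-era firewall keeps AuthorizedApplications\List per
    #    profile, Vista and later keep rules as strings under FirewallRules.
    $fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    $fwKeys = @("$fwBase\FirewallRules")
    foreach ($profile in 'StandardProfile', 'DomainProfile', 'PublicProfile') {
        $fwKeys += "$fwBase\$profile\AuthorizedApplications\List"
    }
    foreach ($key in $fwKeys) {
        foreach ($hit in Get-MatchingValue $key) { $findings.Add("Firewall exception: $hit") }
    }

    # 4. Dropped files. The real winlogon.exe lives in %SystemRoot%\System32;
    #    one under %APPDATA%\System is an impostor regardless of its hash.
    $dropped = Join-Path $env:APPDATA 'System\winlogon.exe'
    if (Test-Path -LiteralPath $dropped) {
        $md5 = (Get-FileHash -LiteralPath $dropped -Algorithm MD5).Hash.ToLower()
        $tag = if ($script:KnownMd5 -contains $md5) { 'known sample' } else { 'unlisted hash' }
        $findings.Add("Dropped file: $dropped MD5=$md5 ($tag)")
    }
    $marker = Join-Path $env:SystemDrive 'recycler\find_me.tmp'
    if (Test-Path -LiteralPath $marker) { $findings.Add("Marker file: $marker") }

    return $findings
}

$result = Find-GrymegatIndicators
if ($result.Count -eq 0) { 'No Grymegat.A indicators found.' } else { $result }
```

Because the lockscreen replaces the desktop, the script is normally run from Safe Mode with Command Prompt or from a rescue environment with the infected system drive mounted (in which case the HKLM paths must be read from the offline SYSTEM and SOFTWARE hives instead). Any hit on the Winlogon Shell value is the one to fix first: delete the dropped winlogon.exe, then restore Shell to exactly explorer.exe, then remove the Run-key and firewall entries, so that no stale reference remains to relaunch the lock at the next logon.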


