Trojan:Win32/Grymegat.A

By Domesticus in Trojans

Trojan:Win32/Grymegat.A is a ransomware Trojan that blocks a compromised PC and shows a web page, which contains a fraudulent full-screen image/warning message covering the desktop. The bogus pop-up alert sent by Trojan:Win32/Grymegat.A is supposedly sent by a legal institution, such as the Federal Bureau of Investigation (FBI) and blames victims for alleged downloading and dispersing of illegitimate files. Trojan:Win32/Grymegat.A asks PC users to pay a fine via Green Dot MoneyPak to restore access to the locked PC. Trojan:Win32/Grymegat.A may make system changes to the corrupted PC that make it complicated for the victim to download, install, execute, or update security tool. While being installed, Trojan:Win32/Grymegat.A makes system changes by downloading malevolent files and making modifications to the registry entries. Trojan:Win32/Grymegat.A creates the registry entries that enable it to load its copy automatically whenever Windows is started. Trojan:Win32/Grymegat.A is able to avoid Windows Firewall so that it can generate a connection to another PC. Trojan:Win32/Grymegat.A does this by embedding itself to the list of legal software products that can avoid Firewall. Trojan:Win32/Grymegat.A stops several processes associated with Windows system if they are at present running on the corrupted PC.

Table of Contents

SpyHunter Detects & Remove Trojan:Win32/Grymegat.A

File System Details

Trojan:Win32/Grymegat.A may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%SystemDrive%\recycler\find_me.tmp
Name: %SystemDrive%\recycler\find_me.tmp Type: Temporary File Group: Malware file
2.	file.exe	2b6ffa9e8099933a2f61b2cf2f8704bd	0
Name: file.exe MD5: 2b6ffa9e8099933a2f61b2cf2f8704bd Size: 135.16 KB (135168 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 11, 2013
3.	file.exe	003269da2732b6132acd9bc21f55bb2b	0
Name: file.exe MD5: 003269da2732b6132acd9bc21f55bb2b Size: 103.93 KB (103936 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 11, 2013

Registry Details

Trojan:Win32/Grymegat.A may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "explorer.exe, %APPDATA%\System\winlogon.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Update" = "%APPDATA%\System\winlogon.exe"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "%APPDATA%\System\winlogon.exe" = "%APPDATA%\System\winlogon.exe:*:enabled:winlogon.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Update" = "%APPDATA%\System\winlogon.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "Update" = "%APPDATA%\System\winlogon.exe"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan:Win32/Grymegat.A

SpyHunter Detects & Remove Trojan:Win32/Grymegat.A

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen