Threat Encyclopedia

Home > Threat Center > Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

O
P
Q
R
S
T
U
V
W
X
Y
Z
Glossary

Short description

The trojan tries to download several files from the Internet. The files are then executed.

Installation

When executed the trojan copies itself in the following locations:

%system%\wbem\grpconv.exe (22016 B)
%temp%\%variable%.tmp (22016 B)

A string with variable content is used instead of %variable% .

The trojan creates and runs a new thread with its own program code within the following processes:

explorer.exe
svchost.exe

The following Registry entries are created:

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\
CurrentVersion\Winlogon]
"RunGrpConv" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
SecurityProviders]
"SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll,
msnsspc.dll, mcenspc.dll"

Other information

The trojan tries to download and execute several files from the Internet. The trojan contains a list of (1) URLs. The HTTP protocol is used.

The trojan creates the following files:

%appdata%\wiaserva.log

The following files are deleted:

%system%\grpconv.exe
%system%\dllcache\grpconv.exe

All Products:

Cart About ESET Partners United States and Canada

© 2012 ESET North America. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET spol. s r.o. or ESET North America.
All other names and brands are registered trademarks of their respective companies.