W32.Grum.A


Aliases: W32/Grum, Win32/Grum.A, W32/Grum.a!inf, W32/Grum-A, Win32.Grum.Gen
Variants: Virus.Win32.Grum.a, W32/Grum.c, W32/Grum.b, W32.Mytob.FX@mm, Trojan:Win32/Grum.A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Europe, Asia
Removal: Easy
Platform: W32
Discovered: 30 Mar 2007
Damage: Medium

Characteristics: When executed, this virus attempts to infect the executable files it can find on the hard drive of the compromised system. W32.Grum.A also installs a rootkit that conceals the fact that the system has been compromised, so the user is typically left with a false sense of security, believing the system's integrity is intact.

More details about W32.Grum.A

On first execution, W32.Grum.A drops an executable file into a temporary folder on the hard drive. This file is the main trigger that infects the executable files on the machine. W32.Grum.A inserts its code into each target executable, which increases the file's size. This variant does not infect every executable it finds, but only those referenced by the Run keys in the Windows Registry. At the same time, W32.Grum.A creates its own value under those keys so that it is loaded into memory automatically whenever the operating system starts.

W32.Grum.A also attacks the Windows Hosts file by attempting to truncate its contents. The Hosts file partly determines how the operating system and the Web browser resolve the URLs requested by the user, so by truncating its entries W32.Grum.A may redirect the browser to malicious websites. A further danger is its modification and patching of certain Dynamic Link Library files, which gives it more control over the infected system. It attempts to connect to remote locations using an unsecured backdoor.
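The two indicators described above (Run-key executables that grow in size, plus a truncated Hosts file) lend themselves to a simple offline integrity check. The following Python script is an added example, not part of the original entry or of any vendor tool; it parses `reg query ...\Run`-style output and compares a constructed baseline snapshot (path, size, hash) with a current one, all sample data being constructed for illustration.

```python
import re

# Constructed `reg query ...\Run` style output (sample data, not from a real host).
RUN_KEY_EXPORT = """
    Updater    REG_SZ    "C:\\Program Files\\Vendor\\updater.exe" /silent
    Sidebar    REG_SZ    C:\\Windows\\System32\\sidebar.exe /auto
    svchost    REG_SZ    C:\\Users\\user\\AppData\\Local\\Temp\\svchost.exe
"""
# Constructed snapshots of the autostart targets: path -> (size in bytes, hash prefix).
BASELINE = {
    "C:\\Program Files\\Vendor\\updater.exe": (204800, "a1b2"),
    "C:\\Windows\\System32\\sidebar.exe": (98304, "c3d4"),
}
CURRENT = {
    "C:\\Program Files\\Vendor\\updater.exe": (211968, "e5f6"),  # grew: code appended
    "C:\\Windows\\System32\\sidebar.exe": (98304, "c3d4"),       # unchanged
    "C:\\Users\\user\\AppData\\Local\\Temp\\svchost.exe": (24576, "7788"),  # new, in Temp
}
# Constructed known-good Hosts file and a truncated current copy.
BASELINE_HOSTS = "127.0.0.1 localhost\n::1 localhost\n10.0.0.5 intranet.example\n"
CURRENT_HOSTS = "127.0.0.1 localhost\n"

ENTRY_RE = re.compile(r"^\s*(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$")

def parse_run_entries(export):
    """Map each Run-key value name to the executable path it launches."""
    entries = {}
    for line in export.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        data = m.group(2)
        # Quoted paths may contain spaces; unquoted ones end at the first switch.
        exe = data[1:data.index('"', 1)] if data.startswith('"') else data.split(" /", 1)[0]
        entries[m.group(1)] = exe
    return entries

def audit_autostart(entries, baseline, current):
    """Flag Run-key targets that are new, or that changed since the baseline."""
    findings = []
    for name, path in entries.items():
        if path not in baseline:
            findings.append((name, "new autostart entry"))
        elif current[path][0] > baseline[path][0]:
            findings.append((name, f"grew by {current[path][0] - baseline[path][0]} bytes"))
        elif current[path][1] != baseline[path][1]:
            findings.append((name, "content changed, size unchanged"))
    return findings

def audit_hosts(baseline, current):
    """Return the known-good Hosts entries missing from the current file."""
    present = set(current.splitlines())
    return [line for line in baseline.splitlines() if line and line not in present]
```

A real deployment would build the baseline from a clean image and read the current snapshot from the host being examined; a grown Run-key target together with lost Hosts entries matches the behaviour this entry describes.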