Aliases: Troj/Grador, Grador, Win32:Envia, Win32/Grador.A, PSW.EBTReporter
Variants: Troj/Grador-B, Trojan-PSW.Win32.EBTReporter.20.b, Trojan.PSW.EBTReporter.20.b, Win32.HLLM.Generic.41, PWS:Win32/EBTReporter.20.C

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: South America, Europe
Removal: Easy
Platform: W32
Discovered: 25 Jul 2002
Damage: Low

Characteristics: W32.Grador is classified as a Trojan Horse primarily because it is sent as a type of file that seems harmless. The malicious author of this threat includes it as a file attachment to an email message that uses a random subject line and message body, and resorts to different kinds of deception to convince the recipient to execute the attachment. In most instances the sender's email address is traced to Brazil.

More details about W32.Grador

W32.Grador is a data-stealing Trojan Horse, meaning that its malicious author deploys it with the intention of stealing confidential information from the infected computer system. Like worms, threats of this type usually require user intervention before the payload can be deployed. Once W32.Grador successfully gets onto a vulnerable machine, it drops an executable copy of itself. It also modifies the Windows Registry so that it is loaded automatically together with the operating system each time the infected machine is booted. As part of its deceptive nature, W32.Grador may give its Windows Registry value a name that identifies it as a legitimate antivirus application.

There are a number of ways in which a data thief like W32.Grador may transmit information to its malicious author. One of the more popular methods is email messaging, done in the background without the user's knowledge. Another common method is to open an unprotected backdoor on the machine, through which the malicious author of W32.Grador can then connect remotely and gather data. Manual removal of W32.Grador requires deletion of its executable file as well as its associated Windows Registry key. In some instances the machine needs to be booted in Safe Mode before the malware is successfully removed.