msgran.exe - Dangerous
msgran.exe
Manual removal instructions:
Antivirus Report of msgran.exe:
msgran.exe
W32.Gramos is a network-aware worm that downloads the Trojan proxy, Backdoor.Ranck.
It does the following:
Downloads the Trojan proxy, Backdoor.Ranck, from a hard-coded URL, copies it to C:\winnt\Mh.exe, and then executes it.
Registers itself as a service process on Windows 95/98/Me systems to hide itself from the task list.
Calculates a random IP address.
Enumerates the users on the remote server and then attempts to connect using these usernames with a blank password.
Copies itself to \\\c$\winnt\system32\Msgran.exe.
Remotely schedules a task to run the worm on the newly infected computer.
To remove it from autorun section, navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"Messenger start-up"="Msgran.exe"
Use RegRun Startup Optimizer to automatically remove it.
| msgran.exe | Malware |
| msgran.exe | Dangerous |
| msgran.exe | High Risk |
It does the following:
Downloads the Trojan proxy, Backdoor.Ranck, from a hard-coded URL, copies it to C:\winnt\Mh.exe, and then executes it.
Registers itself as a service process on Windows 95/98/Me systems to hide itself from the task list.
Calculates a random IP address.
Enumerates the users on the remote server and then attempts to connect using these usernames with a blank password.
Copies itself to \\
Remotely schedules a task to run the worm on the newly infected computer.
To remove it from autorun section, navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"Messenger start-up"="Msgran.exe"
Use RegRun Startup Optimizer to automatically remove it.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.