Can't delete/remove grpconv.exe

We're doing some vulnerability remediation and grpconv.exe keeps coming up. The file is located in c:\windows\system32\. I am aware that grpconv.exe is used to convert legacy start menu items to a newer format. This is a Windows Server 2003 SP2 system, and so grpconv.exe is not needed on the server.

If I delete or rename c:\windows\system32\grpconv.exe, the file reappears after a few seconds. That's a clear warning sign. However, neither a Trend Micro manual scan or HijackThis reports anything odd on this system.

Thoughts/ideas?
puryear-itAsked:
Who is Participating?
 
OP_ZaharinConnect With a Mentor Commented:
hi,
- try to remove it using remover tool specifically for removing GrpConv:
http://www.securitystronghold.com/gates/grpconv.html

- or manually remove it using this method:
http://comprolive.com/remove/harmful/exe/ctfmon-exe-service-exe-wininet-exe-grpconv-exe
0
 
puryear-itAuthor Commented:
BTW, the simplest solution is to just reboot the server in Safe Mode and delete the files manually. So that's done.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.