[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

should I delete C:\Windows\System32\grpconv.exe

Posted on 2011-10-03
6
Medium Priority
?
2,037 Views
Last Modified: 2012-08-13
Whilst trying to clean up a nasty redirect virus I ran RKill. According to the RKILL log it stopped one process. here's the log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 10/03/2011 at  9:30:41.
Operating System: Windows 7 Professional
Processes terminated by Rkill or while it was running:

C:\Windows\System32\grpconv.exe


Rkill completed on 10/03/2011 at  9:30:41.
Rkill completed on 10/03/2011 at  9:31:20.

I've read grpconv.exe can be an essential windows element. I've read it can be a virus. So what do I do now? Thanks
0
Comment
Question by:oliviajones
  • 3
  • 2
6 Comments
 
LVL 7

Expert Comment

by:ednetman
ID: 36907364
A quick search shows 50/50 results.
http://www.threatexpert.com/files/grpconv.exe.html

I would scan the file using VirusTotal to make sure.
http://www.virustotal.com

~Ed
0
 
LVL 61

Expert Comment

by:HainKurt
ID: 36907366
what is size and modification on this exe?

I have this

C:\Windows\System32\grpconv.exe
16,384 byte
created : ¿July-¿13-¿09, ¿¿7:40:18 PM
modified : ¿July-¿13-¿09, ¿¿9:14:21 PM
accessed : ¿July-¿13-¿09, ¿¿7:40:18 PM
Product version: 6.1.7600.16385
0
 

Author Comment

by:oliviajones
ID: 36907432
All of my info in properties is identical to Hainkurt's. Does that mean the file's OK? Thanks.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 61

Accepted Solution

by:
HainKurt earned 2000 total points
ID: 36907452
this program is a part of MS Operating System, named as "Windows Progman Group Converter"

nothing to worry about this :) any other entry in log?
0
 

Author Comment

by:oliviajones
ID: 36907462
nope. thanks.
0
 

Author Closing Comment

by:oliviajones
ID: 36907466
thanks for quickest, most direct solution
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
If you are like me and like multiple layers of protection, read on!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question