Gromozon is a new rootkit in the block. It installs a spyware called LinkOptimizer, giving the rootkit power to the spyware. Gromozon is a user mode rootkit and uses the AppInit_DLLs Registry key to load its DLL into memory. Moreover it hides this Registry key and hence it can not be viewed by "normal" tools like Regedit or HijackThis. Along with this, it also uses a host of other techniques like - randomly named DLLs, using Windows reserved names, hiding as ADS in NTFS systems etc. The DLL registered in the AppInit_DLLs key is responsible for the rootkit like behavior of Gromozon. It hooks some APIs in Kernel32.dll, Advapi32.dll, Psapi.dll and Ntdll.dll, to hide its files.
Prevx has released a removal tool which successfully detects and removes the Gromozon rootkit. You can download it here.
More information regarding the Gromozon can be obtained at CastleCops Wiki and in this excellent PDF document by Prevx researcher Marco Guiliani.