Gfg.exe: Difference between revisions
XxTheGreat12 (talk | contribs) No edit summary |
XxTheGreat12 (talk | contribs) No edit summary |
||
(4 intermediate revisions by 3 users not shown) | |||
Line 7: | Line 7: | ||
|date = September 11th, 2002 | |date = September 11th, 2002 | ||
}} | }} | ||
'''Gfg.exe''', also known as '''Troj/GhostGirl''', or simply '''GhostGirl''', is a Chinese [[screamer]] application created by an unknown user on September 11th, 2002. | '''Gfg.exe''', also known as '''Troj/GhostGirl''', or simply '''GhostGirl''', is a Chinese [[screamer]] application created by an unknown user on September 11th, 2002 and it was written in [[wikipedia:Visual_Basic_(classic)|Visual Basic]] 6.0 programming language. | ||
The icon is a low-resolution image of a yellow smiley face. When the user launches the application, it runs in the background, so it seems that nothing happened. However, after a short period of time, the application will suddenly display a full-screened picture of [[Crazy Ghost]] along with a loud scream. | The icon is a low-resolution image of a yellow smiley face. When the user launches the application, it runs in the background, so it seems that nothing happened. However, after a short period of time, the application will suddenly display a full-screened picture of [[Crazy Ghost]] along with a loud scream. | ||
The application will then begin to show the screamer at random intervals and repeatedly open and close the disk tray to annoy the user | The application will then begin to show the screamer at random intervals and repeatedly open and close the disk tray to annoy the user, and will also run everytime the computer finishes its startup process by creating entries in the '''"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"''' and '''"HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices"''' registry keys. The application will even turn the computer on automatically at midnight hours while it is turned off so that the screamer can appear while the user is most likely sleeping so that they can get scared either way. | ||
== Links == | == Links == | ||
Line 17: | Line 17: | ||
*'''Virus info with download links:''' hybrid-analysis.com/sample/82d26220eeb8b13d253de579f604e7d7ac8abd03a2b98a924c5b14cfa4040cea/5723068caac2ed112bfd9d9d | *'''Virus info with download links:''' hybrid-analysis.com/sample/82d26220eeb8b13d253de579f604e7d7ac8abd03a2b98a924c5b14cfa4040cea/5723068caac2ed112bfd9d9d | ||
*'''Removal (contains the screamer image):''' vsantivirus.com/ghostgirl.htm | *'''Removal (contains the screamer image):''' vsantivirus.com/ghostgirl.htm | ||
{{Maliciousnav}} | |||
{{Comments}} | {{Comments}} | ||
[[Category:Malware]] | [[Category:Malware]] |
Latest revision as of 16:30, 20 October 2024
Gfg.exe, also known as Troj/GhostGirl, or simply GhostGirl, is a Chinese screamer application created by an unknown user on September 11th, 2002 and it was written in Visual Basic 6.0 programming language.
The icon is a low-resolution image of a yellow smiley face. When the user launches the application, it runs in the background, so it seems that nothing happened. However, after a short period of time, the application will suddenly display a full-screened picture of Crazy Ghost along with a loud scream.
The application will then begin to show the screamer at random intervals and repeatedly open and close the disk tray to annoy the user, and will also run everytime the computer finishes its startup process by creating entries in the "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" and "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" registry keys. The application will even turn the computer on automatically at midnight hours while it is turned off so that the screamer can appear while the user is most likely sleeping so that they can get scared either way.
Links
NOTE: The following application contains a screamer and as well as a malicious script that will harm your device.
- Virus info with download links: hybrid-analysis.com/sample/82d26220eeb8b13d253de579f604e7d7ac8abd03a2b98a924c5b14cfa4040cea/5723068caac2ed112bfd9d9d
- Removal (contains the screamer image): vsantivirus.com/ghostgirl.htm