Gfg.exe: Difference between revisions
XxTheGreat12 (talk | contribs) No edit summary Tag: Manual revert |
XxTheGreat12 (talk | contribs) No edit summary Tag: Manual revert |
||
Line 17: | Line 17: | ||
*'''Virus Info with download links''': <nowiki>https://www.hybrid-analysis.com/sample/82d26220eeb8b13d253de579f604e7d7ac8abd03a2b98a924c5b14cfa4040cea/5723068caac2ed112bfd9d9d</nowiki> | *'''Virus Info with download links''': <nowiki>https://www.hybrid-analysis.com/sample/82d26220eeb8b13d253de579f604e7d7ac8abd03a2b98a924c5b14cfa4040cea/5723068caac2ed112bfd9d9d</nowiki> | ||
*'''Removal (contains the screamer image)''': <nowiki>http://www.vsantivirus.com/ghostgirl.htm</nowiki> | *'''Removal (contains the screamer image)''': <nowiki>http://www.vsantivirus.com/ghostgirl.htm</nowiki> | ||
{{Comments}} | |||
[[Category:Malware]] | [[Category:Malware]] |
Revision as of 11:39, 29 September 2024
Gfg.exe, also known as Troj/GhostGirl, or simply GhostGirl, is a Chinese screamer application created by an unknown person on September 11, 2002.
The icon is a low-resolution image of a yellow smiley face. When the user launches the application, it runs in the background, so it seems that nothing happened. However, after a short period of time, the application will suddenly display a full-screened picture of Crazy Ghost along with a loud scream.
The application will then begin to show the screamer at random intervals and repeatedly open and close the disk tray to annoy the user. The application will also run everytime the computer finishes its startup process by creating entries in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices registry keys.
Links
NOTE: The following application contains a screamer.
- Virus Info with download links: https://www.hybrid-analysis.com/sample/82d26220eeb8b13d253de579f604e7d7ac8abd03a2b98a924c5b14cfa4040cea/5723068caac2ed112bfd9d9d
- Removal (contains the screamer image): http://www.vsantivirus.com/ghostgirl.htm