Gfg.exe: Difference between revisions

From Screamer Wiki
Jump to: navigation, search
No edit summary
Tag: Manual revert
No edit summary
Tag: Manual revert
Line 17: Line 17:
*'''Virus Info with download links''': <nowiki>https://www.hybrid-analysis.com/sample/82d26220eeb8b13d253de579f604e7d7ac8abd03a2b98a924c5b14cfa4040cea/5723068caac2ed112bfd9d9d</nowiki>
*'''Virus Info with download links''': <nowiki>https://www.hybrid-analysis.com/sample/82d26220eeb8b13d253de579f604e7d7ac8abd03a2b98a924c5b14cfa4040cea/5723068caac2ed112bfd9d9d</nowiki>
*'''Removal (contains the screamer image)''': <nowiki>http://www.vsantivirus.com/ghostgirl.htm</nowiki>
*'''Removal (contains the screamer image)''': <nowiki>http://www.vsantivirus.com/ghostgirl.htm</nowiki>
{{Comments}}


[[Category:Malware]]
[[Category:Malware]]

Revision as of 11:39, 29 September 2024

Gfg.exe, also known as Troj/GhostGirl, or simply GhostGirl, is a Chinese screamer application created by an unknown person on September 11, 2002.

The icon is a low-resolution image of a yellow smiley face. When the user launches the application, it runs in the background, so it seems that nothing happened. However, after a short period of time, the application will suddenly display a full-screened picture of Crazy Ghost along with a loud scream.

The application will then begin to show the screamer at random intervals and repeatedly open and close the disk tray to annoy the user. The application will also run everytime the computer finishes its startup process by creating entries in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices registry keys.

Links

NOTE: The following application contains a screamer.

  • Virus Info with download links: https://www.hybrid-analysis.com/sample/82d26220eeb8b13d253de579f604e7d7ac8abd03a2b98a924c5b14cfa4040cea/5723068caac2ed112bfd9d9d
  • Removal (contains the screamer image): http://www.vsantivirus.com/ghostgirl.htm


Comments

Comments

Loading comments...