Windows Startup Programs database Startup Programs - Dangerous - G
Home
Features  
   On-line Guide
   Help On-line
   Screenshots

Order
Download  
    Localization
Awards
Support  
   NI Forum
   Mickey Forum
   Greatis Forum

Startup Programs
Application Database

Hot!
Download:
RegRun 4.0 beta 2

What's new?

Greatis Home


Subscribe:

The Application Database suggests you which Windows startup programs are usefual and which are bad.
The recommended tool for quickly removing the useless programs is RegRun Startup Optimizer.
www.startupapps.com


Get RegRun now! Buy Now! Purchase RegRun Suite
Download Download RegRun Suite
Search Database for:

RegRun > Greatis Startup Application Database > Dangerous > G

Dangerous 

g_client.exe
g_server.exe
gadget.exe
gain_trickler_3202.exe
game.exe
gc.exe
gcfg.exe
gcinet.exe
gcinetnt.exe
gdi32.exe
genvirus.exe
gesfm32.exe
gf.exe
gf10beta.exe
ghostdog.exe
gigabyte.exe
gip110doc.exe
gip110exe.exe
gip110jpg.exe
gip110zip.exe
gip111exe.exe
gip111jpg.exe
gip112doc.exe
gip112jpg.exe
gip113doc.exe
gip113jpg.exe
gipsvr107a.exe
gipsvr108.exe
gipsvr111.exe
gipwizard.exe
girls.exe
glide16.exe
gmlku.exe
gmt.exe
goal.exe
goal1.exe
gog.exe
gr.exe
gravedad.exe
grcfram.exe
grreg.exe
guiconf.exe
g-zilla.exe

g_client.exe
Remote Access

g_server.exe
Remote Access

gadget.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

gain_trickler_3202.exe
Adverising spyware. Part of DIVX 5.02 package.
Remove it. Also remove GStartup.lnk.

game.exe
Remote Access / Trojan dropper
Disguised as a fake game and installs a NetBus Pro server.

gc.exe
Remote Access
Disguised as a TCP/IP booster.

gcfg.exe
FTP server / Downloading trojan
Downloads a second trojan and then deletes itself.

gcinet.exe
Remote Access / Keylogger / Steals passwords / ICQ trojan / AOL trojan / DoS tool
It alters Wininit.ini and replaces explorer.exe with explorer.e. It may also infect Awadrp32.exe, Mkcompat.exe and Rnaap.exe. You usually notice your infected because you no longer can reboot or shutdown the computer as the trojan will not shutdown. BioNet also makes it impossible to reboot to DOS mode to delete the trojan. It evaids antivirus and firewall programs. Every server sent out is possible to be unique with combinations of more than 50 different features using the server builder. Using CGI scripts the trojan can do almost anything. Because of this may manual removal instruction not be totally reliable. The server is distributed in an uncompressed version, to allow anyone to use a compressor is his choice. Using a scheduler, the hacker can activate the server to make contact on a certain a specific day. BioNet is able to attack other servers using a large numbers IGMP packets using all available bandwidth. From v3.09 it supports plug-ins from other coders.

gcinetnt.exe
Remote Access / Keylogger / Steals passwords / ICQ trojan / AOL trojan / DoS tool
It alters Wininit.ini and replaces explorer.exe with explorer.e. It may also infect Awadrp32.exe, Mkcompat.exe and Rnaap.exe. You usually notice your infected because you no longer can reboot or shutdown the computer as the trojan will not shutdown. BioNet also makes it impossible to reboot to DOS mode to delete the trojan. It evaids antivirus and firewall programs. Every server sent out is possible to be unique with combinations of more than 50 different features using the server builder. Using CGI scripts the trojan can do almost anything. Because of this may manual removal instruction not be totally reliable. The server is distributed in an uncompressed version, to allow anyone to use a compressor is his choice. Using a scheduler, the hacker can activate the server to make contact on a certain a specific day. BioNet is able to attack other servers using a large numbers IGMP packets using all available bandwidth. From v3.09 it supports plug-ins from other coders.

gdi32.exe
Remote Access / Downloading trojan / Worm / Mail trojan
Self-updating worm. Downloads two trojan files from a hacker site. The "Nn.zip" file being created gets its numbers from the numbers in the file ""Lastversion.txt"".

genvirus.exe
Remote Access / Exe-infector
The whole package comes with a server, an exe infector, a remover and two jokes. The first joke program, Californ.exe makes all the windows on the screen shake and move around. The second program, gravedad.exe displays a picture of the screen flipped.

gesfm32.exe
Backdoor.Sdbot virus.
Remove it from startup by RegRun Start Control.

gf.exe
Steals passwords

gf10beta.exe
Steals passwords

ghostdog.exe
Worm / IRC trojan / Mail trojan
Destroys the Norton Antivirus program.

gigabyte.exe
W32.HLLP.Shodi.B is a virus that prepends itself to the files that have a .exe extension.
The backdoor is configured to listen on TCP ports 6351 and 6352.
Searches for the files that have the .exe extensions on all the hard drives, starting with drive C.
The worm searches all the folders on the hard drive, except those with the following names: Windows; System; System32
It does not infect the files that have the following names: IEXPLORE.EXE; ccApp.exe; ccRegVfy.exe
Prepends itself to some of the files that it finds.

If the worm is executed on May 5, 2005, the virus will display a message box containing the text:
Important !!! Please read this The Next is in Arabic
followed by Arabic text.

Extracts the original host file to a file with a .ogr extension, and then executes it.
For example, if Notepad.exe is infected, the virus will extract the original Notepad program to Notepad.ogr, and then will run it.

Attempts to install a backdoor to an infected system by creating the following files:
%System%\oobb.exe: An installer detected as Backdoor.Trojan.
%System%\Cheatle.exe: A VB application detected as Backdoor.Trojan.
%System%\GigaByte.exe: A remote administration tool detected as Remacc.Radmin.
%System%\AdmDll.dll: A .dll component of Remacc.Radmin.
%Windir%\r_server.exe: Another copy of GigaByte.exe.
%Windir%\start.exe: Another copy of Cheatle.exe.

If these files are successfully dropped, they will add the following entries
"Cheatle"="%System%\GigaByte.exe /port:6351 /pass:hellomine"
"GigaByte"="%System%\Cheatle.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Automatic removal:
Use RegRun Startuip Optimizer to remove this worm.

gip110doc.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip110exe.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip110jpg.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip110zip.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip111exe.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip111jpg.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip112doc.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip112jpg.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip113doc.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip113jpg.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gipsvr107a.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gipsvr108.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gipsvr111.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gipwizard.exe
Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

girls.exe
Remote Access / Downloading trojan / Worm / Mail trojan
Self-updating worm. Downloads two trojan files from a hacker site. The "Nn.zip" file being created gets its numbers from the numbers in the file ""Lastversion.txt"".

glide16.exe
Remote Access

gmlku.exe
I-Worm.Fasong.
Fasong is a worm virus spreading via local area networks.
Very dangrous.
Read more:
http://www.viruslist.com/eng/viruslist.h...
Restore default file extensions, remove it from startup.

gmt.exe
Newest incarnation of the Gator spyware.
Stop the process and remove from startup.

goal.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

goal1.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

gog.exe
W32.HLLP.Philis.B is a variant of W32.HLLP.Philis.
It prepends itself to all of the .exe files that it finds. It also tries to steal passwords from the "Legend of Mir 2" online game.
Emails the information that it finds to a predetermined email addresses.

Extracts and launches the infected file as .tmp.
For example, if Notepad.exe is the infected file, when you run Notepad.exe, it runs the file, Notepad.tmp.
Notepad.tmp will be a clean copy of Notepad.exe.
Creates a copy of the virus as %Windir%\Gog.exe.

Adds the value:
"GOG" = "%Windir%\GOG.exe"
to the registry autorun keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Adds the registry key:
HKEY_LOCAL_MACHINE\Software\Classes\legend of mir2

Use RegRun Startup Optimizer to remove this worm.

gr.exe
FTP server / Downloading trojan
Downloads a second trojan and then deletes itself.

gravedad.exe
Remote Access / Exe-infector
The whole package comes with a server, an exe infector, a remover and two jokes. The first joke program, Californ.exe makes all the windows on the screen shake and move around. The second program, gravedad.exe displays a picture of the screen flipped.

grcfram.exe
Remote Access

grreg.exe
FTP server / Downloading trojan
Downloads a second trojan and then deletes itself.

guiconf.exe
Steals passwords / Mail trojan
Can be configuered to register on several different places. Alters Win.ini and/or System.ini, or may be found in the Registry under HKEY_LOCAL_MACHINE\ and/or HKEY_CURRENT_USER.

g-zilla.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

Copyright © 1998-2004 Greatis Software | Privacy Policy | Recommend to a friend