The Application Database suggests you which Windows startup programs are usefual and which are bad. The recommended tool for quickly removing the useless programs is RegRun Startup Optimizer. www.startupapps.com

---

Purchase RegRun Suite Download RegRun Suite

Search Database for:

RegRun > Greatis Startup Application Database > Dangerous > G

 

g_client.exe
g_server.exe
gadget.exe
gain_trickler_3202.exe
game.exe
gc.exe
gcfg.exe
gcinet.exe
gcinetnt.exe
gdi32.exe
genvirus.exe
gesfm32.exe
gf.exe
gf10beta.exe
ghostdog.exe
gigabyte.exe
gip110doc.exe
gip110exe.exe
gip110jpg.exe
gip110zip.exe
gip111exe.exe
gip111jpg.exe
gip112doc.exe
gip112jpg.exe
gip113doc.exe
gip113jpg.exe
gipsvr107a.exe
gipsvr108.exe
gipsvr111.exe
gipwizard.exe
girls.exe
glide16.exe
gmlku.exe
gmt.exe
goal.exe
goal1.exe
gog.exe
gr.exe
gravedad.exe
grcfram.exe
grreg.exe
guiconf.exe
g-zilla.exe

g_client.exe

Remote Access

g_server.exe

Remote Access

gadget.exe

Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

gain_trickler_3202.exe

Adverising spyware. Part of DIVX 5.02 package.
Remove it. Also remove GStartup.lnk.

game.exe

Remote Access / Trojan dropper
Disguised as a fake game and installs a NetBus Pro server.

gc.exe

Remote Access
Disguised as a TCP/IP booster.

gcfg.exe

FTP server / Downloading trojan
Downloads a second trojan and then deletes itself.

gcinet.exe

Remote Access / Keylogger / Steals passwords / ICQ trojan / AOL trojan / DoS tool
It alters Wininit.ini and replaces explorer.exe with explorer.e. It may also infect Awadrp32.exe, Mkcompat.exe and Rnaap.exe. You usually notice your infected because you no longer can reboot or shutdown the computer as the trojan will not shutdown. BioNet also makes it impossible to reboot to DOS mode to delete the trojan. It evaids antivirus and firewall programs. Every server sent out is possible to be unique with combinations of more than 50 different features using the server builder. Using CGI scripts the trojan can do almost anything. Because of this may manual removal instruction not be totally reliable. The server is distributed in an uncompressed version, to allow anyone to use a compressor is his choice. Using a scheduler, the hacker can activate the server to make contact on a certain a specific day. BioNet is able to attack other servers using a large numbers IGMP packets using all available bandwidth. From v3.09 it supports plug-ins from other coders.

gcinetnt.exe

Remote Access / Keylogger / Steals passwords / ICQ trojan / AOL trojan / DoS tool
It alters Wininit.ini and replaces explorer.exe with explorer.e. It may also infect Awadrp32.exe, Mkcompat.exe and Rnaap.exe. You usually notice your infected because you no longer can reboot or shutdown the computer as the trojan will not shutdown. BioNet also makes it impossible to reboot to DOS mode to delete the trojan. It evaids antivirus and firewall programs. Every server sent out is possible to be unique with combinations of more than 50 different features using the server builder. Using CGI scripts the trojan can do almost anything. Because of this may manual removal instruction not be totally reliable. The server is distributed in an uncompressed version, to allow anyone to use a compressor is his choice. Using a scheduler, the hacker can activate the server to make contact on a certain a specific day. BioNet is able to attack other servers using a large numbers IGMP packets using all available bandwidth. From v3.09 it supports plug-ins from other coders.

gdi32.exe

Remote Access / Downloading trojan / Worm / Mail trojan
Self-updating worm. Downloads two trojan files from a hacker site. The "Nn.zip" file being created gets its numbers from the numbers in the file ""Lastversion.txt"".

genvirus.exe

Remote Access / Exe-infector
The whole package comes with a server, an exe infector, a remover and two jokes. The first joke program, Californ.exe makes all the windows on the screen shake and move around. The second program, gravedad.exe displays a picture of the screen flipped.

gesfm32.exe

Backdoor.Sdbot virus.
Remove it from startup by RegRun Start Control.

gf.exe

Steals passwords

gf10beta.exe

Steals passwords

ghostdog.exe

Worm / IRC trojan / Mail trojan
Destroys the Norton Antivirus program.

gigabyte.exe

W32.HLLP.Shodi.B is a virus that prepends itself to the files that have a .exe extension.
The backdoor is configured to listen on TCP ports 6351 and 6352.
Searches for the files that have the .exe extensions on all the hard drives, starting with drive C.
The worm searches all the folders on the hard drive, except those with the following names: Windows; System; System32
It does not infect the files that have the following names: IEXPLORE.EXE; ccApp.exe; ccRegVfy.exe
Prepends itself to some of the files that it finds.

If the worm is executed on May 5, 2005, the virus will display a message box containing the text:
Important !!! Please read this The Next is in Arabic
followed by Arabic text.

Extracts the original host file to a file with a .ogr extension, and then executes it.
For example, if Notepad.exe is infected, the virus will extract the original Notepad program to Notepad.ogr, and then will run it.

Attempts to install a backdoor to an infected system by creating the following files:
%System%\oobb.exe: An installer detected as Backdoor.Trojan.
%System%\Cheatle.exe: A VB application detected as Backdoor.Trojan.
%System%\GigaByte.exe: A remote administration tool detected as Remacc.Radmin.
%System%\AdmDll.dll: A .dll component of Remacc.Radmin.
%Windir%\r_server.exe: Another copy of GigaByte.exe.
%Windir%\start.exe: Another copy of Cheatle.exe.

If these files are successfully dropped, they will add the following entries
"Cheatle"="%System%\GigaByte.exe /port:6351 /pass:hellomine"
"GigaByte"="%System%\Cheatle.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Automatic removal:
Use RegRun Startuip Optimizer to remove this worm.

gip110doc.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip110exe.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip110jpg.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip110zip.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip111exe.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip111jpg.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip112doc.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip112jpg.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip113doc.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gip113jpg.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gipsvr107a.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gipsvr108.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gipsvr111.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

gipwizard.exe

Remote Access / Steals passwords / ICQ trojan
Alters System.ini.

girls.exe

Remote Access / Downloading trojan / Worm / Mail trojan
Self-updating worm. Downloads two trojan files from a hacker site. The "Nn.zip" file being created gets its numbers from the numbers in the file ""Lastversion.txt"".

glide16.exe

Remote Access

gmlku.exe

I-Worm.Fasong.
Fasong is a worm virus spreading via local area networks.
Very dangrous.
Read more:
http://www.viruslist.com/eng/viruslist.h...
Restore default file extensions, remove it from startup.

gmt.exe

Newest incarnation of the Gator spyware.
Stop the process and remove from startup.

goal.exe

Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

goal1.exe

Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

gog.exe

W32.HLLP.Philis.B is a variant of W32.HLLP.Philis.
It prepends itself to all of the .exe files that it finds. It also tries to steal passwords from the "Legend of Mir 2" online game.
Emails the information that it finds to a predetermined email addresses.

Extracts and launches the infected file as .tmp.
For example, if Notepad.exe is the infected file, when you run Notepad.exe, it runs the file, Notepad.tmp.
Notepad.tmp will be a clean copy of Notepad.exe.
Creates a copy of the virus as %Windir%\Gog.exe.

Adds the value:
"GOG" = "%Windir%\GOG.exe"
to the registry autorun keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Adds the registry key:
HKEY_LOCAL_MACHINE\Software\Classes\legend of mir2

Use RegRun Startup Optimizer to remove this worm.

gr.exe

FTP server / Downloading trojan
Downloads a second trojan and then deletes itself.

gravedad.exe

Remote Access / Exe-infector
The whole package comes with a server, an exe infector, a remover and two jokes. The first joke program, Californ.exe makes all the windows on the screen shake and move around. The second program, gravedad.exe displays a picture of the screen flipped.

grcfram.exe

Remote Access

grreg.exe

FTP server / Downloading trojan
Downloads a second trojan and then deletes itself.

guiconf.exe

Steals passwords / Mail trojan
Can be configuered to register on several different places. Alters Win.ini and/or System.ini, or may be found in the Registry under HKEY_LOCAL_MACHINE\ and/or HKEY_CURRENT_USER.

g-zilla.exe

Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.