Necessary At your option Useless Dangerous Application database
 Startup Programs     Entire site
Startupapps.com recommends you:

Detect and remove hidden rootkits using UnHackMe UnHackMe - Rootkit Killer Free fully functional 30-days trial.

RegRun Security Suite = 24 system utilities for protecting your computer. Try now!

Buy Now!

I would like to say that RegRun has helped me on more than 1 occasion when it comes to spyware/adware by letting me know automatically that a piece of it got added to Windows startup. There is so much spyware/addware out there today it's hard to imagine being without RegRun. I like many other features too including the daily registry backups and file protection.

Chris Wagers

Dangerous GigaByte.exe - Dangerous
gigabyte.exe
W32.HLLP.Shodi.B is a virus that prepends itself to the files that have a .exe extension.
The backdoor is configured to listen on TCP ports 6351 and 6352.
Searches for the files that have the .exe extensions on all the hard drives, starting with drive C.
The worm searches all the folders on the hard drive, except those with the following names: Windows; System; System32
It does not infect the files that have the following names: IEXPLORE.EXE; ccApp.exe; ccRegVfy.exe
Prepends itself to some of the files that it finds.

If the worm is executed on May 5, 2005, the virus will display a message box containing the text:
Important !!! Please read this The Next is in Arabic
followed by Arabic text.

Extracts the original host file to a file with a .ogr extension, and then executes it.
For example, if Notepad.exe is infected, the virus will extract the original Notepad program to Notepad.ogr, and then will run it.

Attempts to install a backdoor to an infected system by creating the following files:
%System%\oobb.exe: An installer detected as Backdoor.Trojan.
%System%\Cheatle.exe: A VB application detected as Backdoor.Trojan.
%System%\GigaByte.exe: A remote administration tool detected as Remacc.Radmin.
%System%\AdmDll.dll: A .dll component of Remacc.Radmin.
%Windir%\r_server.exe: Another copy of GigaByte.exe.
%Windir%\start.exe: Another copy of Cheatle.exe.

If these files are successfully dropped, they will add the following entries
"Cheatle"="%System%\GigaByte.exe /port:6351 /pass:hellomine"
"GigaByte"="%System%\Cheatle.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Automatic removal:
Use RegRun Startuip Optimizer to remove this worm.

Removal: GigaByte.exe is removed by RegRun.

Read more... Removal instructions...

Recommended software:
UnHackMe - easy removal Rootkits/Adware/Spyware.
http://www.unhackme.com

RegRun Security Suite - removal and protection. http://www.regrun.com

RegRun Reanimator - free removal tool. greatis.com/reanimator

RegRun - User's Choice

Vista Programs - full info...

What is hidden in MSDN?
.NET Secrets Revealed

Why software developers prefer Win32.FreeTechSecrets.com?

All Unix Manuals in Alphabetical Order

C# controls for .NET in 3 simple steps.


Constantly updated. Last update: May 12 2008

Interesting information about Vista programs...
Need consultation?

Would you like to add your opinion?

Your Name (Not Required):

Your E-mail to contact (Not Required):

Application Name:

Application Status:
Neccessary
At your option
Useless
Dangerous

Description:


Quick Links
What's new?
RSS Feed
Add to AppDatabase
Ask Experts
Join forum
Links

Articles
Virus or not? SPTD####.sys
What is mc21.tmp, mc22.tmp, mc23.tmp?

Select
Necessary
Useless
At your option
Dangerous
Copyright © 1998-2008 Greatis Software