GEMA.EXE is Locker Ransom
The file GEMA.EXE can destroy your system, thus making the computer to work abnormally.
GEMA.EXE is a dangerous file.
RemoveGEMA.EXE from your computer immediately.
Kill the process GEMA.EXE and remove GEMA.EXE from the Windows startup.
Malware Analysis of GEMA.EXE
Full path on a computer: %SysDir%\gema.exe
Detected by RegRun Warrior:
Item Name: shell
Author: Unknown
Related File: %Appdata%\gema\gema.exe,Explorer.exe,
Type: User Shell
Item Name: UserInit
Author: Unknown
Related File: %Common Appdata%\gema\gema.exe,%SysDir%\gema.exe,%SysDir%\userinit.exe,
Type: UserInit Value
Item Name: gema
Author:
Related File: %SYSDIR%\GEMA.EXE
Type: Registry Run
Item Name: gema.
Author:
Related File: %COMMON APPDATA%\GEMA\GEMA.EXE
Type: Registry Run
Item Name: gema
Author: Promise Technology, Inc.
Related File: %APPDATA%\GEMA\GEMA.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
GEMA.EXE is known as:
Locker.Ransom
GEMA.EXE hash:
- MD5: 3cea112008870b0f75a3e707281ca483
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gema: “%SysDir%\gema.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gema.: “%Common Appdata%\gema\gema.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gema: “%Appdata%\gema\gema.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: “%Appdata%\gema\gema.exe,Explorer.exe,”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: “%Common Appdata%\gema\gema.exe,%SysDir%\gema.exe,%SysDir%\userinit.exe,”
Files:- %Appdata%\gema\gema.exe
- %Common Appdata%\gema\gema.exe
- %SysDir%\gema.exe
Recommended: UnHackMe anti-rootkit and anti-malware
Premium software: RegRun Security Suite (Good choice for removal and protection)
