g.exe - Dangerous
%windir%\g.exe
Manual removal instructions:
Antivirus Report of %windir%\g.exe:
%windir%\g.exe
G.EXE is rootkit Backdoor.Graybird.Q.
G.EXE is used to hide files, processes and registry.
G.EXE is a kernel mode rootkit.
Rootkit contacts remote hacker server using HTTP session.
G.EXE created a Mutex: HUIGEZIVIP_MUTEX.
G.EXE created new system drivers:
service name: "GrayPigeonServer"
display name: "Gray_Pigeon_Server"
Added to registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\GrayPigeonServer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root
\LEGACY_GrayPigeonServer
Related files:
%Windir%\G.EXE
%Windir%\G.DLL
%Windir%\G_Hook.DLL
%Windir%\GKey.DLL
Adds the value:
"g.exe" = "%Windir%\g.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
to the Windows startup registry keys.
| %windir%\g.exe | Malware |
| %windir%\g.exe | Dangerous |
| %windir%\g.exe | High Risk |
G.EXE is used to hide files, processes and registry.
G.EXE is a kernel mode rootkit.
Rootkit contacts remote hacker server using HTTP session.
G.EXE created a Mutex: HUIGEZIVIP_MUTEX.
G.EXE created new system drivers:
service name: "GrayPigeonServer"
display name: "Gray_Pigeon_Server"
Added to registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\GrayPigeonServer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root
\LEGACY_GrayPigeonServer
Related files:
%Windir%\G.EXE
%Windir%\G.DLL
%Windir%\G_Hook.DLL
%Windir%\GKey.DLL
Adds the value:
"g.exe" = "%Windir%\g.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
to the Windows startup registry keys.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.