Gimemo Trojan

By Sumo3000 in Trojans | 27 views

Gimemo Trojan Description

The Gimemo Trojan is a well-known ransomware family responsible for numerous ransomware variants, particularly in North America. ESG security researchers have associated the Gimemo Trojan with the FBI Moneypak ransomware infection as well as with various ransomware messages targeting computers in Canada. Ransomware infections associated with the Gimemo Trojan are typical of these kinds of threats, using alarming language and fake messages from law enforcement to scam computer users. There are numerous malware families responsible for these kinds of attacks. Since criminals often recycle ransomware messages, insignias, code and tactics from one family to another, it is often nearly impossible to distinguish a ransomware message caused by the Gimemo Trojan from one caused by another malware infection based on appearance alone. Fortunately, most ransomware Trojans that do not encrypt the victim's files, such as the Gimemo Trojan, are relatively easy to remove from an infected computer.

Symptoms Associated with the Gimemo Trojan

Unlike other malware families, the Gimemo Trojan changes how computer users log into Windows, which allows the Gimemo Trojan to bypass regular Safe Mode. As soon as the victim starts Windows, they are greeted by a large, full-screen window carrying an intimidating message. This message claims to have been sent by a law enforcement organization, such as the FBI or the Canadian Mounted Police. The Gimemo Trojan ransomware message invariably states that the infected computer was used to perform illegal actions such as distributing pirated software or downloading child pornography. The Gimemo Trojan then threatens the victim with jail time unless a fine, usually around one hundred dollars, is paid via a money transfer service. As long as the victim's computer is infected with the Gimemo Trojan, access to all of that computer's files, applications, and Windows components is blocked, effectively rendering the infected computer useless.

The Gimemo Trojan can be removed using an alternative boot method for Windows. Stopping the Gimemo Trojan ransomware message itself is not difficult: it usually involves a simple modification of the Windows Registry or the use of a reliable anti-malware program. The hard part is reaching those tools at all, since the full-screen message blocks access to them. Usually, starting up in Safe Mode with Command Prompt allows computer users to launch their anti-malware software or the Windows Registry Editor directly from the command line.

Type: Trojans

How Can You Detect Gimemo Trojan?

Gimemo Trojan Removal Details

Gimemo Trojan creates the following files in the system:

  • %AppData%\[random]

Gimemo Trojan creates the following registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Shell = "%AppData%\bGygFEL2.exe"
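The per-user Winlogon Shell value above is how the Trojan replaces the normal desktop with its lock screen. The following PowerShell audit is an added example, not code from the original article or from ESG; it assumes a standard Windows install where HKLM's Shell is "explorer.exe", Userinit is "<SystemRoot>\system32\userinit.exe,", and HKCU normally carries no Shell or Userinit value at all, so any per-user override is reported. It can be run from the Safe Mode with Command Prompt session described above by launching powershell.exe.

```powershell
# Added example (not from the original article): audit the Winlogon "Shell" and
# "Userinit" values that lock-screen ransomware such as Gimemo abuses.
# Assumption: stock Windows defaults (HKLM Shell = explorer.exe, HKCU has no
# Shell/Userinit value). Gimemo sets HKCU ...\Winlogon\Shell = "%AppData%\<random>.exe".

$winlogonPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$expected = @{
    'Shell'    = 'explorer.exe'
    'Userinit' = "$env:SystemRoot\system32\userinit.exe,"
}

function Test-WinlogonValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Absent is the normal state under HKCU; only HKLM must carry the value.
        if ($Path -like 'HKLM:*') { return "MISSING    $Path\$Name" }
        return $null
    }
    $value = [string]$item.$Name
    # A shell or userinit living under a user profile is a strong hijack indicator.
    $inUserDir = $value -match '(?i)\\Users\\|%AppData%|AppData\\'
    if ($Path -like 'HKCU:*') {
        # Any per-user override of the logon shell is abnormal on a stock system.
        return "SUSPICIOUS $Path\$Name = $value (per-user override)"
    }
    # PowerShell string comparison is case-insensitive; ignore a trailing comma.
    if ($value.TrimEnd(',') -ne $expected[$Name].TrimEnd(',') -or $inUserDir) {
        return "SUSPICIOUS $Path\$Name = $value (expected $($expected[$Name]))"
    }
    return "OK         $Path\$Name = $value"
}

$findings = foreach ($p in $winlogonPaths) {
    foreach ($n in $expected.Keys) { Test-WinlogonValue -Path $p -Name $n }
}
$findings | Where-Object { $_ } | ForEach-Object { Write-Output $_ }
```

A SUSPICIOUS line under HKCU is the Gimemo pattern from the registry entries above; confirm the referenced executable before deleting the value so a legitimate custom shell is not removed by mistake.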


This entry was last updated on 08/20/12 and posted on 08/20/12. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.