Gimemo Trojan

Gimemo Trojan Description

Type: Trojan

The Gimemo Trojan is a well-known ransomware family responsible for numerous screen-locking variants, particularly in North America. ESG security researchers have associated the Gimemo Trojan with the FBI Moneypak ransomware infection as well as with various ransomware messages targeting computers in Canada. Ransomware infections associated with the Gimemo Trojan are typical of these threats: they use alarming language and fake messages from law enforcement to scam computer users. Numerous malware families carry out the same kind of attack, and because criminals often recycle ransomware messages, insignias, code and tactics from one family to another, it is often nearly impossible to tell a ransomware message caused by the Gimemo Trojan from one caused by another malware family based on appearance alone. Fortunately, ransomware Trojans that do not encrypt the victim's files, such as the Gimemo Trojan, are relatively easy to remove from an infected computer.

Symptoms Associated with the Gimemo Trojan

Unlike many other malware families, the Gimemo Trojan changes the program that Windows launches as the desktop shell when a user logs in (the Winlogon Shell registry value), so its lock screen replaces the desktop in ordinary Safe Mode as well as in a normal boot. As soon as the victim starts up Windows, they are greeted by a large, full-screen window with an intimidating message. This message claims to have been sent by a law enforcement organization, such as the FBI or the Royal Canadian Mounted Police (RCMP). The Gimemo Trojan ransomware message invariably states that the infected computer was used to perform illegal actions such as distributing pirated software or downloading child pornography. It then threatens the victim with jail time unless a fine, usually around one hundred dollars, is paid via a money transfer service. As long as the computer is infected with the Gimemo Trojan, access to all of its files, applications and Windows components is blocked, effectively rendering the infected computer useless.

The Gimemo Trojan can be removed by starting Windows through an alternative boot method. Actually stopping the ransomware message is not difficult: it usually requires a single change to the Windows Registry (restoring the Winlogon Shell value to explorer.exe) or a scan with a reliable anti-malware program. The hard part is reaching the Registry Editor or the anti-malware program at all while the lock screen covers the desktop. Starting up in Safe Mode with Command Prompt usually works, because Windows then launches a command prompt instead of the hijacked shell, and regedit.exe or the anti-malware program can be started from that prompt.

Technical Information

File System Details

Gimemo Trojan creates the following file(s):
# File Name Detection Count
1 %AppData%\[random] N/A

Registry Details

Gimemo Trojan creates the following registry entry or registry entries:
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = "%AppData%\bGygFEL2.exe"
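The following PowerShell script is an added example, not code from the original article or from any anti-malware vendor. It performs the manual removal step described above: it reads the Winlogon Shell value in both the per-user (HKCU) and machine-wide (HKLM) Winlogon keys, treats anything other than a plain "explorer.exe" as a hijack, moves the referenced payload into a quarantine folder and then restores the value. Run it as an administrator from "Safe Mode with Command Prompt" (type powershell.exe at that prompt), where the ransomware's shell is not running. The quarantine folder location and the decision to delete rather than rewrite the HKCU value are the example's own assumptions; a clean system normally has no HKCU Shell value at all.

```powershell
# Added example (not from the original article): audit and repair the Winlogon
# "Shell" value that Gimemo-style lock-screen ransomware hijacks.
# Assumed quarantine location; change it if another drive is preferred.
$Quarantine = Join-Path $env:SystemDrive 'Quarantine'

# Per-user value is checked first because it overrides the machine-wide one.
$Keys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Test-ShellValue {
    param([string]$Shell)
    # The only legitimate value is exactly "explorer.exe". A full path into
    # %AppData%, or a second executable appended after a comma, is a hijack.
    return ($Shell -eq 'explorer.exe')
}

foreach ($Key in $Keys) {
    $Item = Get-ItemProperty -Path $Key -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $Item) {
        Write-Output "$Key : no Shell value (normal for HKCU)"
        continue
    }
    $Shell = [string]$Item.Shell
    if (Test-ShellValue $Shell) {
        Write-Output "$Key : Shell = '$Shell' (clean)"
        continue
    }
    Write-Warning "$Key : Shell = '$Shell' (hijacked)"

    # Expand %AppData%-style variables, take the first program if several are
    # listed, and move the payload away before fixing the key so that it cannot
    # be relaunched at the next logon.
    $First = $Shell.Split(',')[0].Trim().Trim('"')
    $Path  = [Environment]::ExpandEnvironmentVariables($First)
    if (Test-Path -LiteralPath $Path) {
        New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
        Move-Item -LiteralPath $Path -Destination $Quarantine -Force
        Write-Output "  moved $Path -> $Quarantine"
    } else {
        Write-Output "  referenced file $Path not found (already removed?)"
    }

    if ($Key -like 'HKCU:*') {
        # The per-user value exists only to override the default shell; delete it.
        Remove-ItemProperty -Path $Key -Name Shell
        Write-Output "  removed per-user Shell value"
    } else {
        Set-ItemProperty -Path $Key -Name Shell -Value 'explorer.exe'
        Write-Output "  restored machine-wide Shell value to explorer.exe"
    }
}
```

After the script finishes, reboot normally; if the desktop loads, run a full anti-malware scan, since the Shell value is only the persistence mechanism and the sample itself (the %AppData%\[random] file listed above) may have dropped other components.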


Site Disclaimer

This site is not associated or affiliated with, sponsored by, or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken or confused as being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or the manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational purposes only. By following any instructions in this article, you agree to be bound by this disclaimer. We make no guarantee that this article will help you completely remove the malware threats on your computer. Malware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.