W32.Gosys is a worm that distributes itself via network shares and local removal drives. W32.Gosys is able to open a backdoor on a compromised PC, making the system vulnerable to other malware attacks. W32.Gosys may install malware that records keystrokes, executes malicious commands and downloads infected files. If you detect W32.Gosys on your system, it is best to automatically remove it with an anti-spyware application.
%UserProfile%\\Application Data\\mrsys.exe %UserProfile%\\Local Settings\\Temporary Internet Files\\Content.IE5\\4H67CTM7\\3picsys[1].gif %UserProfile%\\Local Settings\\Temporary Internet Files\\Content.IE5\\GTYN8HUZ\\cmsys[1].gif %UserProfile%\\Local Set
Name:
%UserProfile%\\Application Data\\mrsys.exe %UserProfile%\\Local Settings\\Temporary Internet Files\\Content.IE5\\4H67CTM7\\3picsys[1].gif %UserProfile%\\Local Settings\\Temporary Internet Files\\Content.IE5\\GTYN8HUZ\\cmsys[1].gif %UserProfile%\\Local Set
Registry Details
W32.Gosys may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Explorer\Process\"LO" = "0"HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Explorer\Process\"BL" = "c:\tools\regshot.exe"
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Explorer\Process\"NF" = "0"
Your comment is awaiting moderation.
Please verify that you are not a robot.
Submit Comment
Please DO NOT use this comment system for support or billing questions.
For SpyHunter technical support requests, please contact our technical support team
directly by opening a customer support ticket via
your SpyHunter. For billing issues, please refer to our "Billing
Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our
"Inquiries and Feedback" page.
Enigmasoftware.com uses cookies to provide you with a better browsing experience and analyze how users navigate and utilize the Site. By using this Site or clicking on "OK", you consent to the use of cookies. Learn more.