Defend what you create

Mehr

Schließen

Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Support

Ihre Anfragen

Rufen Sie uns an

+7 (495) 789-45-86

Profil

Trojan.Click3.22229

Added to the Dr.Web virus database: 2016-09-29

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.m4v\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.mp4\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.dmb\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.skm\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.3gp\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.k3g\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.trp\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.ts\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.tp\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.m2t\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.m2ts\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.mts\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.dmskm\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.mqv\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.flv\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.swf\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.mov\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.rmvb\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.rm\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.lmp4\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.ogv\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.ogm\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.mkv\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.m2v\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.avi\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.gom\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] 'msacm.divxa32' = 'msaud32_divx.acm'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.asx\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.divx\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.svi\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\gomcmd\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" %1'
  • [<HKLM>\SOFTWARE\Classes\gomlogo\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\jamak\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\Gomplayer.Skinfile\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\ogms\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\avis\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.asf\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.dat\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.mpeg\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.mpe\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.m1v\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.vob\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.ifo\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.wvx\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.wmv\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.wmx\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.mpg\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.wmp\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
  • [<HKLM>\SOFTWARE\Classes\GomPlayer.wm\shell\open\command] '' = '"%ProgramFiles%\GRETECH\GomPlayer\GOM.exe" /open "%1"'
Malicious functions:
Executes the following:
  • '%ProgramFiles%\GRETECH\GomPlayer\GOM.exe' /RegServer
  • '%ProgramFiles%\GRETECH\GomPlayer\GOM.exe' /regassoc
  • '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://www.go##ab.com/
  • '%TEMP%\7ZipSfx.000\GOMPLAYERENSETUP.EXE' /S /NCRC
  • '%ProgramFiles%\GRETECH\GomPlayer\KillGom.exe' GOM.EXE
  • '%ProgramFiles%\GRETECH\GomPlayer\ShellRegister.exe'
Modifies file system:
Creates the following files:
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_LEFTFRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_RIGHTFRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_CP_RIGHT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_RIGHT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_CP_LEFT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_STATE_STOP.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\TIME_FONT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_STATE_READY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_STATE_PAUSE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_STATE_PLAY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_MID.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_ACT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_FILL.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN_RANGE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_EMPTY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_CP_CLIENT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_LEFT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_CP_BOTTOM.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_FRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_NOACT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CLOSE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_PRESETS_LIST.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_PRESETS_RESET_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_EQ_PRESETS_SAVE_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_EQ_PRESETS_DEL_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_EQ_PRESETS_MENU_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_EMPTY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_FILL.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_FONT_SMALLNUM.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_USE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_USE_ON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_STATIC_SECTIONRPT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_DEFAULT_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_DN_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_FF.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_BIGFF.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_BIGREW.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_SET_S_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_UNSET_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_SET_E_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_UP_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_REW.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_LIST_MENU_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_SEL_MENU_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_DEL_MENU_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\MAINFRAME2.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_ADD_MENU_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_CONTROLPANEL_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_FF.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\PL_PLAYLIST_SELITEM_FRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_SORT_MENU_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\PL_PLAYLIST_ITEM_FRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\MAINFRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\BTN_REPEAT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\BTN_REPEAT_ON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\LOGO\SOUNDONLY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\INFOLINE\background.png
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\INFOLINE\infoline.html
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\LIST_SLIDER_MAIN.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\LIST_SLIDER_MAIN_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\LIST_BKGND.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\BTN_SHUFFLE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\PL\BTN_SHUFFLE_ON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_MUTE_OFF.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_SYS_RESTORE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\LIST.XML
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_SYS_MINIMIZE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_SYS_MAINICON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_SYS_MAXIMIZE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\SKIN.XML
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\MUSIC.XML
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\LITE.XML
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\MAIN_RGN_RB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_SYS_FULLSCREEN.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_PLAY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_PLAYLIST_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_PAUSE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_MUTE_ON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_OPEN.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_SUBFIND_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_SYS_CLOSE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_STOP.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_PREFERENCE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\BTN_REW.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\LIST_FRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\LIST_SLIDER_MAIN.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\LIST_BKGND.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\BTN_SYS_MINIMIZE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\CLOSE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\MINIMIZE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_ADD_MENU_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\MAINFRAME_temp.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\LIST_SLIDER_MAIN_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\MAINFRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\BTN_STOP.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\BTN_PAUSE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_FILL.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_EMPTY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\BTN_REPEAT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\BTN_REPEAT_ON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAYLISTPREV.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAYLISTNEXT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_DEL_MENU_ENG.BMP
  • %ALLUSERSPROFILE%\Start Menu\Programs\GOM Player\GOM Wizard.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\GOM Player\Homepage.url
  • %ALLUSERSPROFILE%\Start Menu\Programs\GOM Player\GOM Player.lnk
  • %ProgramFiles%\GRETECH\GomPlayer\Uninstall.exe
  • <SYSTEM32>\msaud32_divx.acm
  • %HOMEPATH%\Start Menu\GOM Player.lnk
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gomlab[1]
  • %APPDATA%\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\GOM Player\Uninstall.lnk
  • %ALLUSERSPROFILE%\Desktop\GOM Player.lnk
  • %ProgramFiles%\GRETECH\GomPlayer\GomTVStrmLang\english.ini
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\PL_PLAYLIST_ITEM_FRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\PL_PLAYLIST_SELITEM_FRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_SORT_MENU_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_LIST_MENU_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_SEL_MENU_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\GomTVStreamer_GrLauncher.ini
  • %ProgramFiles%\GRETECH\GomPlayer\GomTVStrmLang\controlid.data
  • %ProgramFiles%\GRETECH\GomPlayer\GomTVStrm.dll
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\PL\SLIDER_VOLUME_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\logos\smile.jpg
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_FILL.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAIN_SUB_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAIN_SUB_ON_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAIN_DVD_ON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAIN_CONTROL_ON_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAIN_DVD.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\SUB_POS_UPDN_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\SUB_SIZE_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\SUB_POS_LTRT_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAIN_VIDEO_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAIN_VIDEO_ON_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAIN_CONTROL_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\FRAME_AUDIO.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\FRAME_CONTROL_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_PAN_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_PAN_EMPTY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAIN_AUDIO_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAIN_AUDIO_ON_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\MAINFRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\FRAME_DVD.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\FRAME_SUB_VIDEO.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_CAP2_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\LOGO\GOMREMOCON_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\LOGO\GOM_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\LOGO\BTN_AD.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_ST_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\MUSIC\INFO_FRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_EMPTY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\LOGO\STATIC_AD.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\LOGO\SIDE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\LOGO\SOUNDONLY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_FILL.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_RESET.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_SUBB_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_PSTOGGLE_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_CAP_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_LANGNEXT_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_LINE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_EMPTY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_CT_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_SUBF_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BT_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_CONTROLPANEL.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_FF.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\lang\ControlIDKOR.xml
  • %ProgramFiles%\GRETECH\GomPlayer\lang\ControlIDENG.xml
  • %ProgramFiles%\GRETECH\GomPlayer\lang\ControlIDENG2.xml
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_PAUSE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_PLAY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_OPEN.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_MUTE_OFF.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_MUTE_ON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\lang\GomWizEng.dll
  • %ProgramFiles%\GRETECH\GomPlayer\Text.eng\History.txt
  • %ProgramFiles%\GRETECH\GomPlayer\Text.eng\JMDBNotice.txt
  • %ProgramFiles%\GRETECH\GomPlayer\Text.eng\Copyright.txt
  • %ProgramFiles%\GRETECH\GomPlayer\CodecFindSkin.eng\horiz.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\CodecFindSkin.eng\top.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\jmdbhtml\noticebg.gif
  • %ProgramFiles%\GRETECH\GomPlayer\lang\GomENG.dll
  • %ProgramFiles%\GRETECH\GomPlayer\jmdbhtml\close_on_btn.gif
  • %ProgramFiles%\GRETECH\GomPlayer\Text.eng\Shortcut.txt
  • %ProgramFiles%\GRETECH\GomPlayer\jmdbhtml\close_off_btn.gif
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_PLAYLIST.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_LT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_RB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_LB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_SYS_RESTORE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\LIST.XML
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_KNOB_HOT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_RT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\SKIN.XML
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MINIMIZE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_STOP.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_SUBFIND_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_SRCH.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_PREFERENCE_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_REW.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MAINICON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MAXIMIZE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_SYS_FULLSCREEN.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_SYS_BORDER.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\BTN_SYS_CLOSE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\CodecFindSkin.eng\frame.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\GrLauncher.ini
  • %ProgramFiles%\GRETECH\GomPlayer\Language.ini
  • %ProgramFiles%\GRETECH\GomPlayer\GrLauncher.exe
  • %ProgramFiles%\GRETECH\GomPlayer\GOM.exe
  • %ProgramFiles%\GRETECH\GomPlayer\GomWiz.exe
  • %ProgramFiles%\GRETECH\GomPlayer\LGPL.TXT
  • %ProgramFiles%\GRETECH\GomPlayer\RtParser.exe
  • %ProgramFiles%\GRETECH\GomPlayer\gom.ini
  • %ProgramFiles%\GRETECH\GomPlayer\setting.ini
  • %ProgramFiles%\GRETECH\GomPlayer\Icon.dll
  • %ProgramFiles%\GRETECH\GomPlayer\GomWeb3.dll
  • %TEMP%\NSISPromotionEx.ini
  • %TEMP%\NSISPromotionEx.dll
  • %TEMP%\nsi3.tmp\SkinKidslock.ini
  • %TEMP%\7ZipSfx.000\GOMPLAYERENSETUP.EXE
  • %TEMP%\nsy2.tmp
  • %ProgramFiles%\GRETECH\GomPlayer\GVC.dll
  • %ProgramFiles%\GRETECH\GomPlayer\GomX.dll
  • %ProgramFiles%\GRETECH\GomPlayer\KillGom.exe
  • %TEMP%\GomEncDnInstaller.exe
  • %TEMP%\nsi3.tmp\System.dll
  • %ProgramFiles%\GRETECH\GomPlayer\srt2smi.exe
  • %ProgramFiles%\GRETECH\GomPlayer\CodecFindSkin.eng\skin.xml
  • %ProgramFiles%\GRETECH\GomPlayer\CodecFindSkin.eng\btn_close.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\SettingSkin\buttonframe.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\urls\default.asx
  • %ProgramFiles%\GRETECH\GomPlayer\SettingSkin\skin.xml
  • %ProgramFiles%\GRETECH\GomPlayer\CodecFindSkin.eng\desc.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\CodecFindSkin.eng\desc2.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\CodecFindSkin.eng\btn_detail2.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\CodecFindSkin.eng\btn_codec.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\CodecFindSkin.eng\btn_detail.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\GAF.ax
  • %ProgramFiles%\GRETECH\GomPlayer\ShellRegister.exe
  • %ProgramFiles%\GRETECH\GomPlayer\VSUtil.dll
  • %ProgramFiles%\GRETECH\GomPlayer\gomplayer.com.ico
  • %ProgramFiles%\GRETECH\GomPlayer\Dodge.dll
  • %ProgramFiles%\GRETECH\GomPlayer\qscl.dll
  • %ProgramFiles%\GRETECH\GomPlayer\GRFU.ax
  • %ProgramFiles%\GRETECH\GomPlayer\GNF.ax
  • %ProgramFiles%\GRETECH\GomPlayer\GSFU.ax
  • %ProgramFiles%\GRETECH\GomPlayer\msvcr71.dll
  • %ProgramFiles%\GRETECH\GomPlayer\GVF.ax
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\FRAME_SUB_VIDEO.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAINFRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\FRAME_DVD.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\FRAME_AUDIO.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\FRAME_CONTROL_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAIN_CONTROL_ON_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAIN_DVD.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAIN_CONTROL_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAIN_AUDIO_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAIN_AUDIO_ON_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_PAN_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_PRESETS_RESET_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_USE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_PRESETS_LIST.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_EQ_PRESETS_DEL_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_EQ_PRESETS_SAVE_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_PAN_EMPTY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_FILL.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_USE_ON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_EMPTY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAIN_DVD_ON.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BT_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_CT_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_SUBF_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_RESET.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_SUBB_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_ST_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_FILL.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_LINE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_EMPTY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_PSTOGGLE_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAIN_VIDEO_ON_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\SUB_POS_LTRT_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAIN_VIDEO_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAIN_SUB_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\MAIN_SUB_ON_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_CAP_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_LANGNEXT_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_CAP2_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\SUB_POS_UPDN_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\SUB_SIZE_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_STATIC_SECTIONRPT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTBOTTOM.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTFRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_CP_RIGHT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_CP_INFO2.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_CP_LEFT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_MAIN_BG2.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTBOTTOM.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_MAIN_BG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTFRAME_BOTTOM.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTTOP.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_CP_INFO.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_KNOB.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_KNOB_HOT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_FILL.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_RANGE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_EMPTY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_CHANNEL_FRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_CP_CLIENT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_NOACT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_ACT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_FRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTFRAME.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_DEFAULT_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_DN_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_FF.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_BIGFF.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_BIGREW.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_SET_S_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_UNSET_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_SET_E_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_UP_ENG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_REW.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\CP\CLOSE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_PAUSE.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_PLAY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_SLIDER_BG.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTFRAME_BOTTOM.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTTOP.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\Static_main_logo.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\TIME_FONT.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\Static_main_border.bmp
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_READY.BMP
  • %ProgramFiles%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_STOP.BMP
Deletes the following files:
  • %TEMP%\nsi3.tmp\System.dll
  • %TEMP%\nsi3.tmp\SkinKidslock.ini
Network activity:
Connects to:
  • 'www.go##ab.com':80
  • 'localhost':1036
TCP:
HTTP GET requests:
  • http://www.go##ab.com/
UDP:
  • DNS ASK www.go##ab.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''
  • ClassName: '' WindowName: ''
  • ClassName: 'MS_WebcheckMonitor' WindowName: ''
  • ClassName: 'MS_AutodialMonitor' WindowName: ''
  • ClassName: 'GomPlayer1.x' WindowName: ''
  • ClassName: '#32770' WindowName: ''
  • ClassName: 'GomWiz1.x' WindowName: ''
  • ClassName: 'GomMgr1.x' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Führender russischer Hersteller von Virenschutzsoftware
Entwickelt seit 1992
Dr.Web wird in mehr als 200 Ländern genutzt
Antivirus im SaaS-Modell seit 2007
Technischer Support rund um die Uhr

Dr.Web © Doctor Web
2003 — 2020

Doctor Web ist ein russischer Entwickler von IT-Sicherheitslösungen unter dem Markennamen Dr.Web. Dr.Web Produkte werden seit 1992 entwickelt.

Doctor Web Deutschland GmbH. Quettigstr. 12, 76530 Baden-Baden