Remove GirlFriend. Description and removal instructions

 
Title: GirlFriend

Type: Remote Administration Tools
Severity scale: GirlFriend severity is 70 (70 / 100)
 
This RAT was written by a Russian hacker calling himself General Failure. Three versions of this pest (GirlFriend 1.3, GirlFriend 1.35, Win32.GF.13) are currently known to be available on the Internet; the variants appeared between November 1998 and September 2001. The programming language is Delphi. This RAT uses BackOrifice or NetBus servers on Windows. Its most dangerous abilities include "password capture" and "text capture".

From the publisher:

"GirlFriend 1.3
GirlFriend 1.3 by General Failure
1. DESCRIPTION
Girlfriend is a program which allows you to get information on applications running on a remote PC. That means that if any computer connected to the net is infected with GirlFriend, you can connect to this PC and "steal" such information as:
- text that the "infected" user enters into any window containing a password field;
- passwords which the "infected" user enters into password fields.
You also can:
- send "system" messages to the remote PC;
- play sounds;
- show bitmaps (.bmp pictures);
- send the "victim" to any URL;
- change the server's port;
- hide GF Client with BOSSKEY=F12;
- scan a subnet for infected servers;
- ping the server;
- save the windows list.
In future versions you'll find a file manager...
The GirlFriend 1.3 pack includes: a) GirlFriend Server (windll.exe) - this file is for the "victim"; b) GirlFriend Client (gf.exe); c) help text file (gf.txt).
2. HOW DOES IT WORK?
GirlFriend Server sits on the infected computer and looks for windows in which the user enters passwords. The server writes these passwords, together with the other text fields in that window, to the registry and sends this list on your demand.
3. INFECTING
First you have to infect the "victim": if you don't have physical access to the victim's PC, send him windll.exe. You may rename it and/or attach it to any other executable file using silkrope (you may take it from www.netninja.com/bo/silkrope.html). When the victim executes this file, GirlFriend will write itself to the Windows directory and rename itself to windll.exe. It will also write a string "Windll.exe=\windll.exe" to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run in the registry. GirlFriend Server will save all its data in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\General. Once the victim runs GirlFriend Server, it will run every time the victim loads Windows. If you have physical access to the victim's PC, just run GirlFriend Server on it!
4. CONNECTING FROM CLIENT
To connect to GirlFriend Server, run GirlFriend Client (gf.exe) on your PC. Then in the field "IP:" enter the IP address of the infected computer. In the field "Port:" enter the port which GirlFriend Server "sits" on (default=21554). Then press the "Connect" button. When the client connects to the server, "Connected to: " appears in the status bar. If there is a message like "Error connecting to ", it means that the server is not active (maybe the victim hadn't executed it?). You also can scan a subnet for infected PCs by writing the IP like this: "194.83.11.1+ 254".
5. COMMANDS
When you are connected you can:
- press the "Show Passes" button. It will show a list of processes (windows) containing password fields, with the passwords and other text field data in this window (e.g. a remote access window with Username, Password, Connection name, etc.).
- press the "Send Message" button. A window will appear with the types of system messages which you can show on the remote computer.
- press the "Reset Password List" button, which deletes the server's password list in the "victim's" registry.
- press the "Custom" button to enter custom commands to the server. Here is the list of them (instead of the words in parentheses you have to write the specified data, without parentheses):
TEST? - sends "Are you alive?" request to server. Server's answer in "Server's answers" list must be "Server is alive!"
ver - asks for server's version
KillHER - kills server (clears registry from server, but it doesn't delete windll.exe from Windows' directory)
{U} - sends "victim" to specified URL (begin with "http://")
{S} - plays specified "wav" file on "victim's" PC
{P} - shows specified "bmp" file on "victim's" PC
DOWN - switches "looking for passwords" timer on server OFF (server won't scan for passwords)
UP - switches "looking for passwords" timer ON
setport - sets the server port to the specified one (identical to pressing the "change" button)
That's all I think... I don't remember more :)
You can press F12 to send the client to the tray and then right-click the tray icon to use these commands from a popup menu. Press the "About" button to know "more" about this program. Press "Save list" to save the windows & passwords list to a text file.
I think that's all I can tell you about my program... If you have any questions/suggestions please write to me at gfailure@iname.com.
Enjoy! Regards, General Failure.
P.S. Oh! I forgot to mention that it also takes passwords which the infected user inputs into Web sites!"



GirlFriend properties:
• Allows remote user connection
• Logs keystrokes
• Hides from the user
• Stays resident in background

GirlFriend manual removal:

Kill processes:
gf.exe, windll.exe
Delete files:
about.dcu, about.dfm, about.pas, client.dof, client.dpr, client.res, gf.exe, gf.txt, hosts.ip, main.dcu, main.dfm, main.pas, messageunit.dcu, messageunit.dfm, messageunit.pas, na readme.fuq, servermain.~df, servermain.dcu, showpictureunit.dcu, showpictureunit.dfm, showpictureunit.pas, windll.exe
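As an added example (not from the original page or from the RAT's author), a read-only PowerShell check for the indicators this page lists: the "Windll.exe" Run value, the HKLM\SOFTWARE\Microsoft\General data key, the two binaries in the Windows directory, the process names, and the default port 21554. It assumes an elevated PowerShell session on the host being examined; it only reports, so removal remains the manual steps above.

```powershell
# Added example, not part of the original page. Read-only: reports GirlFriend
# indicators and changes nothing. Assumes an elevated PowerShell on the host.
function Get-GirlFriendIndicators {
    $findings = @()

    # 1. Autorun value "Windll.exe" under the HKLM Run key (per the readme)
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['Windll.exe']) {
        $findings += "Run value 'Windll.exe' = '$($run.'Windll.exe')'"
    }

    # 2. Registry key where the server stores captured passwords
    $dataKey = 'HKLM:\SOFTWARE\Microsoft\General'
    if (Test-Path -Path $dataKey) {
        $findings += "Registry key present: $dataKey"
    }

    # 3. Server and client binaries dropped into the Windows directory
    foreach ($name in 'windll.exe', 'gf.exe') {
        $path = Join-Path -Path $env:windir -ChildPath $name
        if (Test-Path -Path $path) { $findings += "File present: $path" }
    }

    # 4. Running processes by image name (Get-Process takes names without .exe)
    $procs = Get-Process -Name 'windll', 'gf' -ErrorAction SilentlyContinue
    foreach ($p in $procs) {
        $findings += "Process running: $($p.ProcessName) (PID $($p.Id))"
    }

    # 5. Default listening port; note the server port can be changed with 'setport'
    $listener = Get-NetTCPConnection -State Listen -LocalPort 21554 -ErrorAction SilentlyContinue
    foreach ($l in $listener) {
        $findings += "TCP port 21554 listening (owning PID $($l.OwningProcess))"
    }

    return $findings
}

$result = Get-GirlFriendIndicators
if ($result.Count -eq 0) { 'No GirlFriend indicators found.' } else { $result }
```

A hit on the port check alone is weak evidence on its own, since the port is configurable; treat the Run value and data key as the stronger indicators.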

Other programs to remove GirlFriend:

• SUPERAntiSpyware
• CounterSpy
• Windows Defender

Information added: 27/03/05
Information updated: 27/03/05
