What is G.exe? Should I remove it?

G.exe is a file that might be related to a dangerous trojan horse which is also a rootkit

G.exe is a process that prevents some users from restarting their Windows machines. The mystery of G application started when multiple people reported the problem on different forums, including Reddit[1] and Steam. It turns out that it is more likely to be a hidden window rather than the executable and is connected to regular programs like Skype, Outlook, File Explorer, OneDrive, and similar. However, some also reported that the G.exe was indeed malware that ran in the background and stole valuable information from hosts.

Name G.exe, G
Type Malware
May be associated with Backdoor.Graybird.Q
Distribution  Malicious spam email attachments or links, fake updates, exploits, repacked installers, malicious websites, etc.
Symptoms Rarely any, but may slow down the PC, show errors, crash apps, redirect to certain sites, etc.
Elimination Download security software and a rootkit killer to perform a full system scan – we recommend Malwarebytes
Optimization To make sure Windows registry is fixed, scan the device with FortectIntego

G.exe might be associated with a Backdoor.Graybird.Q,[2] which is a dangerous malware that functions as a rootkit[3] as well. The malicious program modifies the system heavily:

  • Copies itself to %Windir% and sets Read-only, Hidden, and System privileges;
  • Adds g.exe” = “%Windir%\g.exe value to the Windows Registry in order to retain a boot up;
  • Creates a service GrayPigeonServer;
  • Deletes the initial payload file;
  • Stats a rootkit;
  • Connects to a specific website using a hidden Internet Explorer session.

G.exe virus can connect to multiple different servers, and its function depends on that. Most likely, the trojan is used to download and install other malicious software and harvest personal data like passwords, banking information, etc.

Malware can be downloaded from various sources, but the most common infection sources are spam emails, malicious websites, repacked executables, torrent files, fake updates, and similar. We explore G.exe malware distribution methods and ways to avoid it in the section below.

Nevertheless, if your system is affected by G.exe virus, it is vital to run scans using the appropriate software. Because it is a rootkit, we recommend using Malwarebytes. After G.exe removal, we suggest users scan their systems with FortectIntego – it will fix all the damage done by malware.

The mysterious G that prevents users from shutting down Windows

If scans perform with comprehensive software brought up no results, there is nothing to be worried about, as the G that prevents you from shutting down Windows is caused by an invisible service that can be connected to multiple applications. Many programs run it, and there is nothing wrong with it, you just need to make sure the hidden windows does not trigger the prevention of the system shut down.

In order to identify which application is related to the G, you will have to download GUIPropView or similar software that would allow you to view all the windows currently open. You can download it from the official website.[4]

Once installed, open the app and click on TopLevel > Display Hidden Windows. This will allow you to view which programs are using the G hidden window. Sort the results by Title and see which ones have G under it. Once you identify the programs related, you need to try to set the service startup type to Manual:

  • Type services.msc into the search box
  • Scroll down and locate the service related to G hidden window
  • Ricght-click and pick Properties
  • Under startup type, select Manual and click OK

Trojans can be distributed in a variety of ways

Trojans are one of the most dangerous infections as they can serve a variety of purposes. One of the most common distribution methods is spam emails – crooks attach the obfuscated document, text or other file to a spoofed email and hope users will execute the payload. Alternatively, they can utilize hyperlinks – they might be hidden under legitimately-looking buttons or links.

Cybercriminals might also use social media platforms to deliver trojans. Therefore, if you noticed a post or a message  from an unknown source, ignore it and do not click on the link.

Additionally, drive-by downloads can be often used to spread the virus. These instances can occur when users visit a site that may look legitimate but actually has a malicious code embedded in it. Therefore, it is vital to install security software that can protect users from drive-by downloads and installation of malware.

Eliminate G.exe malware from your machine

In order to make sure G.exe is malware, you should scan your machine with reputable anti-virus software. We recommend using SpyHunter 5Combo Cleaner or anti-rootkit program. Be aware that malicious software might prevent AV engines from running correctly.

In such a case, you would have to enter Safe Mode with Networking and start a scan from there. Please be aware that you should not try to remove G.exe virus manually, as it will only harm your system even more. After the elimination, you should perform another system scan using FortectIntego. This software will be able to fix the system files and bring the PC back to normal.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.
About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions