G.exe is a file that might be related to a dangerous trojan horse which is also a rootkit
G.exe is a process that prevents some users from restarting their Windows machines. The mystery of G application started when multiple people reported the problem on different forums, including Reddit and Steam. It turns out that it is more likely to be a hidden window rather than the executable and is connected to regular programs like Skype, Outlook, File Explorer, OneDrive, and similar. However, some also reported that the G.exe was indeed malware that ran in the background and stole valuable information from hosts.
|May be associated with||Backdoor.Graybird.Q|
|Distribution||Malicious spam email attachments or links, fake updates, exploits, repacked installers, malicious websites, etc.|
|Symptoms||Rarely any, but may slow down the PC, show errors, crash apps, redirect to certain sites, etc.|
|Elimination||Download security software and a rootkit killer to perform a full system scan – we recommend Malwarebytes|
|Optimization||To make sure Windows registry is fixed, scan the device with ReimageIntego|
- Copies itself to %Windir% and sets Read-only, Hidden, and System privileges;
- Adds g.exe” = “%Windir%\g.exe value to the Windows Registry in order to retain a boot up;
- Creates a service GrayPigeonServer;
- Deletes the initial payload file;
- Stats a rootkit;
- Connects to a specific website using a hidden Internet Explorer session.
G.exe virus can connect to multiple different servers, and its function depends on that. Most likely, the trojan is used to download and install other malicious software and harvest personal data like passwords, banking information, etc.
Malware can be downloaded from various sources, but the most common infection sources are spam emails, malicious websites, repacked executables, torrent files, fake updates, and similar. We explore G.exe malware distribution methods and ways to avoid it in the section below.
Nevertheless, if your system is affected by G.exe virus, it is vital to run scans using the appropriate software. Because it is a rootkit, we recommend using Malwarebytes. After G.exe removal, we suggest users scan their systems with ReimageIntego – it will fix all the damage done by malware.
The mysterious G that prevents users from shutting down Windows
If scans perform with comprehensive software brought up no results, there is nothing to be worried about, as the G that prevents you from shutting down Windows is caused by an invisible service that can be connected to multiple applications. Many programs run it, and there is nothing wrong with it, you just need to make sure the hidden windows does not trigger the prevention of the system shut down.
In order to identify which application is related to the G, you will have to download GUIPropView or similar software that would allow you to view all the windows currently open. You can download it from the official website.
Once installed, open the app and click on TopLevel > Display Hidden Windows. This will allow you to view which programs are using the G hidden window. Sort the results by Title and see which ones have G under it. Once you identify the programs related, you need to try to set the service startup type to Manual:
- Type services.msc into the search box
- Scroll down and locate the service related to G hidden window
- Ricght-click and pick Properties
- Under startup type, select Manual and click OK
Trojans can be distributed in a variety of ways
Trojans are one of the most dangerous infections as they can serve a variety of purposes. One of the most common distribution methods is spam emails – crooks attach the obfuscated document, text or other file to a spoofed email and hope users will execute the payload. Alternatively, they can utilize hyperlinks – they might be hidden under legitimately-looking buttons or links.
Cybercriminals might also use social media platforms to deliver trojans. Therefore, if you noticed a post or a message from an unknown source, ignore it and do not click on the link.
Additionally, drive-by downloads can be often used to spread the virus. These instances can occur when users visit a site that may look legitimate but actually has a malicious code embedded in it. Therefore, it is vital to install security software that can protect users from drive-by downloads and installation of malware.
Eliminate G.exe malware from your machine
In order to make sure G.exe is malware, you should scan your machine with reputable anti-virus software. We recommend using SpyHunter 5Combo Cleaner or anti-rootkit program. Be aware that malicious software might prevent AV engines from running correctly.
In such a case, you would have to enter Safe Mode with Networking and start a scan from there. Please be aware that you should not try to remove G.exe virus manually, as it will only harm your system even more. After the elimination, you should perform another system scan using ReimageIntego. This software will be able to fix the system files and bring the PC back to normal.