A website, called Gangnamgame(.)net has been observed to modify file on affected computer. The computer virus is deemed malicious and it has additions that enble it to stop antivirus software from starting up. Users that have been affected by the cyber threat reported that on system boot up the malicious threat is executing a script in the Windows Command Prompt that might change some system settings and make the software way more difficult to be uninstalled.
|Short Description||Gangnamgame may stop antivirus software and may collect credentials as well as download malicious files.|
|Symptoms||May rename antivirus .exe files with “xxx” name on them and delete or relocate their shortcuts. Command prompt is reported to run and close on system startup.|
|Distribution Method||Via patches, cracks or keygens uploaded in torrent sites. May be the aftereffect of unsafe browsing, opening corrupted mail attachments, drive-by downloads and malicious applications.|
|Detection tool||Download Advanced anti-malware tool, to See If Your System Has Been Affected By Gangnamgame Virus|
|User Experience||Join our forum to discuss Gangnamgame Virus.|
The Gangnamgame Virus – How Did I Become Infected?
The main method of distribution used by Gangnamgame(.)net may be a redirect to the malicious site that may have the potential to inject malicious script to the victim PC. The origin of this may be if the user clicked on an online banner believing it is trustworthy or simply visiting an unfamiliar site. Another cause may be having a PUP that may be causing browser redirects to malicious sites on request.
Furthermore, users may also get infected via a malicious mail attachments of the following file formats:
→.cfg; .dll; .tmp; .bat; .exe; .docx; .pdf; .pptx
Usually spam mails may resemble a reputable service or company such as PayPal, Windows, Apple and others.
Also, users have reported that torrents containing the name “Brick” downloaded on their computers contained malware. What is more, there was also another program, associated with a game patch/crack, known as 3DMGAME-MGSV that is reported to be malicious. This dangerous patch has been associated with the latest release of Metal Gear Solid. Bottom line is that you should always scan downloaded torrents with an anti-malware software or upload the files to VirusTotal.
Gangnamgame Virus – What Does It Do?
Once activated on the computer, the virus may create various files on the PC and similarly to ransomware such as CryptoWall, rename the antivirus program executables with an “xxx” name. Users have reported that they failed fixing them by trying to change the “xxx” back to the original name.
With time, it was established that this particular virus may have modified data in the following registry entries or created new values in them:
These entries may allow its payload to run every time you restart or turn on your device. Furthermore, the threat has been reported by malware researchers to have displayed advertisements of different forms and collect user information. The threat may also affect negatively the svchost.exe process in Windows Task Manager.
There are several other after effects of having Gangnamgame(.)net virus on your PC. The cyber threat might block anti-malware software from running in order to stay present for longer.
Also, it may or may not extract different information, for example:
- IP address.
- Necessary files.
- Sensitive information (Passwords, Financial Credentials).
Removing Gangnamgame(.)net Fully
Before you remove the Gangnamgame(.)net threat it is advisable to use unconventional methods since it has the ability to stop any antivirus software from running. In case you have it, chances are your antivirus may have also been turned ineffective. This is why it is advisable to use “Safe Mode with Networking” that will disable all third-party applications from running. After that you should use the following instructions:
Since this virus may affect Windows Registries, security experts advise users to check and clean the Registry Editor using these instructions:
1)Press Windows Logo Button + R
2)Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options
3) Start by checking all of the registry keys and values and the data in them. You will see the keys on the left side and the values on the right. Begin by checking the “(Default)” value and then work your way with the others. In case you see data containing processes such as svchost.exe which are not the original Windows processes, you should act towards removing these values and the processes with them.
Since manual removal may not have the best outcome, because there may be more the two or three registry values it is recommended to use a registry clean up tool in combination with an anti-malware software. Some anti-malware programs have registry cleaning embedded. By having such programs you also increase the overall protection level of your computer in the future.