Trojan/Backdoor - GirlFriend Detection

High Nessus Network Monitor Plugin ID 1914


The remote host has a backdoor installed.


GirlFriend is installed. This backdoor allows anyone to partially take the control of the remote system. An attacker may use it to steal your password or prevent your system from working properly.


To remove GirlFriend from your machine, open regedit to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and look for a value named 'Windll.exe' with the data 'c:\windows\windll.exe'. Reboot to DOS and delete the C:\windows\windll.exe file, then boot to Windows and remove the 'Windll.exe' registry value. Manually inspect and repair this system

Plugin Details

Severity: High

ID: 1914

File Name: 1914.prm

Family: Backdoors

Published: 2004/08/20

Modified: 2016/01/15

Nessus ID: 10094

Risk Information

Risk Factor: High