Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Trojan/Backdoor - GirlFriend Detection

High

Synopsis

The remote host has a backdoor installed.

Description

GirlFriend is installed. This backdoor allows anyone to partially take the control of the remote system. An attacker may use it to steal your password or prevent your system from working properly.

Solution

To remove GirlFriend from your machine, open regedit to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and look for a value named 'Windll.exe' with the data 'c:\windows\windll.exe'. Reboot to DOS and delete the C:\windows\windll.exe file, then boot to Windows and remove the 'Windll.exe' registry value. Manually inspect and repair this system