PUA.Win32.GOMLab.A
a variant of Win32/GOMLab.A potentially unwanted application (NOD32)
Windows
Malware type
Potentially Unwanted Application
Destructive?
No
Encrypted
In the Wild:
Yes
Summary and description
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Technical details
Arrival details
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
It drops the following files:
- %Program Files%\GRETECH\GomPlayer\KillGom.exe
- %Program Files%\GRETECH\GomPlayer\GVC.dll
- %Program Files%\GRETECH\GomPlayer\GomX.dll
- %Program Files%\GRETECH\GomPlayer\GomWeb3.dll
- %Program Files%\GRETECH\GomPlayer\GOM.exe
- %Program Files%\GRETECH\GomPlayer\GomWiz.exe
- %Program Files%\GRETECH\GomPlayer\GrLauncher.exe
- %Program Files%\GRETECH\GomPlayer\GrLauncher.ini
- %Program Files%\GRETECH\GomPlayer\setting.ini
- %Program Files%\GRETECH\GomPlayer\Icon.dll
- %Program Files%\GRETECH\GomPlayer\gom.ini
- %Program Files%\GRETECH\GomPlayer\LGPL.TXT
- %Program Files%\GRETECH\GomPlayer\RtParser.exe
- %Program Files%\GRETECH\GomPlayer\srt2smi.exe
- %Program Files%\GRETECH\GomPlayer\Dodge.dll
- %Program Files%\GRETECH\GomPlayer\qscl.dll
- %Program Files%\GRETECH\GomPlayer\gomplayer.com.ico
- %Program Files%\GRETECH\GomPlayer\ShellRegister.exe
- %Program Files%\GRETECH\GomPlayer\VSUtil.dll
- %Program Files%\GRETECH\GomPlayer\msvcr71.dll
- %Program Files%\GRETECH\GomPlayer\GVF.ax
- %Program Files%\GRETECH\GomPlayer\GSFU.ax
- %Program Files%\GRETECH\GomPlayer\GRFU.ax
- %Program Files%\GRETECH\GomPlayer\GNF.ax
- %Program Files%\GRETECH\GomPlayer\GAF.ax
- %Program Files%\GRETECH\GomPlayer\urls\default.asx
- %Program Files%\GRETECH\GomPlayer\SettingSkin\skin.xml
- %Program Files%\GRETECH\GomPlayer\SettingSkin\buttonframe.bmp
- %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\skin.xml
- %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_close.bmp
- %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_codec.bmp
- %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_detail.bmp
- %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\btn_detail2.bmp
- %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\desc.bmp
- %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\desc2.bmp
- %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\frame.bmp
- %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\horiz.bmp
- %Program Files%\GRETECH\GomPlayer\CodecFindSkin.jpn\top.bmp
- %Program Files%\GRETECH\GomPlayer\Text.jpn\Copyright.txt
- %Program Files%\GRETECH\GomPlayer\Text.jpn\History.txt
- %Program Files%\GRETECH\GomPlayer\Text.jpn\JMDBNotice.txt
- %Program Files%\GRETECH\GomPlayer\Text.jpn\Shortcut.txt
- %Program Files%\GRETECH\GomPlayer\jmdbhtml\close_off_btn.gif
- %Program Files%\GRETECH\GomPlayer\jmdbhtml\close_on_btn.gif
- %Program Files%\GRETECH\GomPlayer\jmdbhtml\noticebg.gif
- %Program Files%\GRETECH\GomPlayer\lang\GomJPN.dll
- %Program Files%\GRETECH\GomPlayer\lang\GomWizJPN.dll
- %Program Files%\GRETECH\GomPlayer\lang\ControlIDJPN.xml
- %Program Files%\GRETECH\GomPlayer\lang\ControlIDJPN2.xml
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_CH.bmp
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_CONTROLPANEL.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_FF.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_MUTE_OFF.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_MUTE_ON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_OPEN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PAUSE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PLAY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PLAYLIST.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_PREFERENCE_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_REW.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SRCH.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_STOP.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_BORDER.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_CLOSE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_FULLSCREEN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MAINICON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MAXIMIZE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_MINIMIZE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\BTN_SYS_RESTORE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\GomMain_JPN.swf
- %Program Files%\GRETECH\GomPlayer\skins\basic\LIST.XML
- %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_LB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_LT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_RB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\MAIN_RGN_RT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\SKIN.XML
- %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_KNOB_HOT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_MAIN_RANGE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_EMPTY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_FILL.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\SLIDER_VOLUME_KNOB_HOT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_ACT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_FRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CAPTION_NOACT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CHANNEL_FRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_CLIENT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_INFO.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_INFO2.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_LEFT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_CP_RIGHT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTBOTTOM.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTFRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTFRAME_BOTTOM.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_LEFTTOP.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_MAIN_BG.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_MAIN_BG2.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTBOTTOM.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTFRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTFRAME_BOTTOM.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_RIGHTTOP.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_SLIDER_BG.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_PAUSE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_PLAY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_READY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\STATIC_STATE_STOP.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\Static_main_border.bmp
- %Program Files%\GRETECH\GomPlayer\skins\basic\Static_main_logo.bmp
- %Program Files%\GRETECH\GomPlayer\skins\basic\TIME_FONT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CLOSE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_BIGFF.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_BIGREW.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_FF.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_DEFAULT_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_DN_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_RATE_UP_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_REW.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_SET_E_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_SET_S_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_BTN_SECTIONRPT_UNSET_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\CON_STATIC_SECTIONRPT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_EQ_PRESETS_DEL_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_EQ_PRESETS_SAVE_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_PRESETS_LIST.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_PRESETS_RESET_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_USE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_BTN_USE_ON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_EMPTY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_FILL.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_PAN_EMPTY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\EQ_SLIDER_PAN_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_AUDIO.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_CONTROL_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_DVD.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\FRAME_SUB_VIDEO.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAINFRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_AUDIO_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_AUDIO_ON_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_CONTROL_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_CONTROL_ON_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_DVD.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_DVD_ON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_SUB_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_SUB_ON_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_VIDEO_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\MAIN_VIDEO_ON_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\SUB_POS_LTRT_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\SUB_POS_UPDN_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\SUB_SIZE_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_CAP2_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_CAP_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_LANGNEXT_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_PSTOGGLE_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_RESET.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_SUBB_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BTN_SUBF_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_BT_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_CT_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_LINE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_EMPTY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_FILL.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_SLIDER_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\CP\VIDEO_ST_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\INFOLINE\background.png
- %Program Files%\GRETECH\GomPlayer\skins\basic\INFOLINE\infoline.html
- %Program Files%\GRETECH\GomPlayer\skins\basic\LOGO\GomMain.bmp
- %Program Files%\GRETECH\GomPlayer\skins\basic\LOGO\SOUNDONLY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_REPEAT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_REPEAT_ON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_SHUFFLE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\BTN_SHUFFLE_ON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\LIST_BKGND.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\LIST_SLIDER_MAIN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\LIST_SLIDER_MAIN_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\MAINFRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\MAINFRAME2.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_ADD_MENU_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_DEL_MENU_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_LIST_MENU_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_SEL_MENU_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_BTN_SORT_MENU_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_PLAYLIST_ITEM_FRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\basic\PL\PL_PLAYLIST_SELITEM_FRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_CONTROLPANEL_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_FF.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_MUTE_OFF.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_MUTE_ON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_OPEN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PAUSE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PLAY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PLAYLIST_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_PREFERENCE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_REW.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_STOP.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_CLOSE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_FULLSCREEN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_MAINICON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_MAXIMIZE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_MINIMIZE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\BTN_SYS_RESTORE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\LIST.XML
- %Program Files%\GRETECH\GomPlayer\skins\default\LITE.XML
- %Program Files%\GRETECH\GomPlayer\skins\default\MAIN_RGN_RB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC.XML
- %Program Files%\GRETECH\GomPlayer\skins\default\SKIN.XML
- %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_MAIN_RANGE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_EMPTY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_FILL.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\SLIDER_VOLUME_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_ACT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_FRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CAPTION_NOACT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_BOTTOM.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_CLIENT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_LEFT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_MID.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_INFO_RIGHT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_LEFT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_CP_RIGHT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_LEFTFRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_RIGHTFRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_PAUSE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_PLAY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_READY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\STATIC_STATE_STOP.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\TIME_FONT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CLOSE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_BIGFF.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_BIGREW.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_FF.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_DEFAULT_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_DN_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_RATE_UP_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_REW.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_SET_E_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_SET_S_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_BTN_SECTIONRPT_UNSET_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\CON_STATIC_SECTIONRPT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_EQ_PRESETS_DEL_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_EQ_PRESETS_SAVE_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_PRESETS_LIST.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_PRESETS_RESET_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_USE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_BTN_USE_ON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_FONT_SMALLNUM.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_EMPTY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_FILL.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_PAN_EMPTY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\EQ_SLIDER_PAN_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\FRAME_AUDIO.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\FRAME_CONTROL_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\FRAME_SUB_VIDEO.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAINFRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_AUDIO_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_AUDIO_ON_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_CONTROL_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_CONTROL_ON_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_DVD.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_DVD_ON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_SUB_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_SUB_ON_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_VIDEO_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\MAIN_VIDEO_ON_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\SUB_POS_LTRT_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\SUB_POS_UPDN_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\SUB_SIZE_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_CAP2_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_CAP_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_LANGNEXT_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_PSTOGGLE_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_RESET.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_SUBB_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BTN_SUBF_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_BT_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_CT_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_LINE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_EMPTY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_FILL.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_SLIDER_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\CP\VIDEO_ST_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\BTN_AD.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\GOM_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\SIDE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\SOUNDONLY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\LOGO\STATIC_AD.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\INFO_FRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_EMPTY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_FILL.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_MAIN_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_EMPTY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_FILL.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\MUSIC\SLIDER_VOLUME_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PAUSE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAY.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAYLISTNEXT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_PLAYLISTPREV.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_REPEAT.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_REPEAT_ON.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_STOP.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\BTN_SYS_MINIMIZE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\CLOSE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_BKGND.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_FRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_SLIDER_MAIN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\LIST_SLIDER_MAIN_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\MAINFRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\MAINFRAME_temp.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\MINIMIZE.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_ADD_MENU_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_DEL_MENU_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_LIST_MENU_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_SEL_MENU_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_BTN_SORT_MENU_JPN.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_PLAYLIST_ITEM_FRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\PL_PLAYLIST_SELITEM_FRAME.BMP
- %Program Files%\GRETECH\GomPlayer\skins\default\PL\SLIDER_VOLUME_KNOB.BMP
- %Program Files%\GRETECH\GomPlayer\logos\smile.jpg
- %Program Files%\GRETECH\GomPlayer\Uninstall.exe
It adds the following processes:
- "%Program Files%\GRETECH\GomPlayer\KillGom.exe" GOM.EXE
- "%Program Files%\GRETECH\GomPlayer\ShellRegister.exe"
- "%Program Files%\GRETECH\GomPlayer\GOM.exe" /RegServer
- "%Program Files%\GRETECH\GomPlayer\GOM.exe" /regassoc
(Note: %Program Files% is the default Program Files folder, usually C:\Program Files (C:\Archivos de programa on a Spanish-language Windows).)
Other system modifications
It adds the following registry entries:
- HKEY_CURRENT_USER\Software\GRETECH\GomPlayer
  ProgramFolder = %Program Files%\GRETECH\GomPlayer
- HKEY_CURRENT_USER\Software\GRETECH\GomPlayer
  ProgramPath = %Program Files%\GRETECH\GomPlayer\GOM.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH\GomPlayer
  ProgramFolder = %Program Files%\GRETECH\GomPlayer
- HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH\GomPlayer
  ProgramPath = %Program Files%\GRETECH\GomPlayer\GOM.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe
  Path = %Program Files%\GRETECH\GomPlayer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
  DisplayIcon = "%Program Files%\GRETECH\GomPlayer\GOM.exe",0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
  DisplayName = GOM Player
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
  DisplayVersion = 2.1.26.5029
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
  InstallLocation = %Program Files%\GRETECH\GomPlayer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
  Publisher = Gretech Corporation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
  UninstallString = "%Program Files%\GRETECH\GomPlayer\Uninstall.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
  VersionMajor = 2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
  VersionMinor = 1
Other details
It adds the following registry keys as part of its installation routine:
- HKEY_CURRENT_USER\Software\GRETECH
- HKEY_CURRENT_USER\Software\GRETECH\GomPlayer
- HKEY_CURRENT_USER\Software\GRETECH\GomPlayer\OPTION
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}\OpenWithList
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.{file extension}\UserChoice
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.{file extension}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell\open
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avis\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell\open
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomcmd\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell\open
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gomlogo\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\shell
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\shell\open
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Gomplayer.Skinfile\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\Enqueue
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\Enqueue\Command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\Enqueue\DropTarget
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomPlayer.{file extension}\shell\open\DropTarget
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb.1\CLSID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb\CLSID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GomWebCtrl.GomWeb\CurVer
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell\open
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jamak\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\DefaultIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell\open
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ogms\shell\open\command
- HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH
- HKEY_LOCAL_MACHINE\SOFTWARE\GRETECH\GomPlayer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GOM.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
It connects to the following possibly malicious URLs:
- http://app.{BLOCKED}b.com/jpn/gom/Promotion_JPN.ini
- http://promotion.{BLOCKED}er.jp/ini/setting.php
- http://promotion.{BLOCKED}er.jp/promotion/Checker
- http://www.{BLOCKED}b.com/
- http://www.{BLOCKED}b.com/ipCheck/ipCheck.php
Solutions
Step 1
Windows ME and XP users should, before running any scan, make sure that System Restore is disabled so that the computer can be scanned completely.
Step 2
Remove PUA.Win32.GOMLab.A using its own uninstall option
Step 3
Scan your computer with your Trend Micro product to delete the files detected as PUA.Win32.GOMLab.A. If your Trend Micro product has already cleaned, deleted or quarantined the detected files, no further steps are needed. You may simply choose to delete the quarantined files. See this Knowledge Base page for more details.