
gog.exe - Dangerous

gog.exe

Jeff's Story:

My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could neither detect nor fix.

I sought a solution on the Internet and discovered your product and tried out the trial.

You quickly found the rootkit and SAVED my PC!

I haven't had any problems since, and I'm extremely grateful.

Manual removal instructions:

gog.exe
W32.HLLP.Philis.B is a variant of W32.HLLP.Philis.
It prepends itself to all of the .exe files that it finds. It also tries to steal passwords from the "Legend of Mir 2" online game.
It emails the information that it finds to predetermined email addresses.

When an infected file is run, the virus extracts the original program to a .tmp file and launches that copy.
For example, if Notepad.exe is the infected file, running Notepad.exe runs the file Notepad.tmp.
Notepad.tmp will be a clean copy of Notepad.exe.
Creates a copy of the virus as %Windir%\Gog.exe.

Adds the value:
"GOG" = "%Windir%\GOG.exe"
to the registry autorun keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Adds the registry key:
HKEY_LOCAL_MACHINE\Software\Classes\legend of mir2
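
The artifacts listed above can be checked for with a short read-only PowerShell script. This is an added example, not part of the original page or of RegRun; it only reports what it finds, and the variable names and output layout are this example's own choices.

```powershell
# Read-only check for the W32.HLLP.Philis.B artifacts named on this page.
# Nothing is deleted or modified; findings are printed as a table.

$findings = @()

# 1. Autorun value "GOG" in the two keys the page lists.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # RunServices is often absent
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains 'GOG')) {
        $findings += [pscustomobject]@{
            Type   = 'Autorun value'
            Where  = $key
            Detail = "GOG = $($props.GOG)"
        }
    }
}

# 2. Copy of the virus dropped as %Windir%\Gog.exe.
$dropped = Join-Path $env:windir 'Gog.exe'
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    $file = Get-Item -LiteralPath $dropped -Force          # -Force also shows hidden files
    $findings += [pscustomobject]@{
        Type   = 'Dropped file'
        Where  = $dropped
        Detail = "size $($file.Length) bytes, modified $($file.LastWriteTime)"
    }
}

# 3. Registry key the page says is added under HKLM\Software\Classes.
$classKey = 'HKLM:\Software\Classes\legend of mir2'
if (Test-Path -LiteralPath $classKey) {
    $findings += [pscustomobject]@{ Type = 'Registry key'; Where = $classKey; Detail = 'key exists' }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the listed gog.exe artifacts were found.'
}
```

A clean result covers only these three artifacts. Because the virus prepends itself to .exe files, infected programs elsewhere on disk need a full antivirus scan to find.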

Use RegRun Startup Optimizer to remove this worm.
