> Spyware Encyclopedia Page 62 > Golden Retriever

Golden Retriever removal

Spyware Golden Retriever Information
Name: Golden Retriever Category: RAT Author: Noa Dangerous: Yes

Golden Retriever is one of RAT spywares.
Will ftp to a designated ftp site & download RunMe.exe [any trojan may be renamed to this name]. After it succesfully downloads it, it will be spawned. Finding it on your computer means that your computer is infected with RAT and crucial data could be endangered or even lost.

Golden Retriever description by Noa:

Creator: ´Golden Retreiver v1.1 BETABy Noa What the h%ll is it? Golden Retreiver is a very simple trojan made to do one specific thing. Once GR is run it´ll ftp to your ftp site & download the file called RunMe.exe. After it succesfully downloads it, it´ll be spawned. NOTE: For a more detailed description scroll down. Package Description GRcfg.exe- This needs to be run 1st so you can specify the username, password, ftp server, & binary file to download. GR.exe- This is the Golden Retreiver trojan file that needs to be spawned on a remote computer. This one´ll not restart with windows. GRreg.exe- This is the Golden Retreiver trojan file that needs to be spawned on a remote computer. This one´ll restart with windows. GRreg.exe.bak- This is a back-up of the one above because the GD trojan file can only be configured once. Read-Me.bat- Your viewing it dipsh%t. Read-Me.pif- settings for readme file. Detailed description When you run the trojan file it´ll copy itself to c:\mstask.exe with a different icon & add itself to the reg as "Task Manager" in /CurrentVersion/Run/. Then GR will check & see if it has allready been run & had a successfull download. If it hasn´t then it´ll ftp to your previously specified ftp site & download the exe file named RunMe.exe(It *IS* Case Sensitive). If it can not successfully download the trojan at that time than it´ll try ever 5 minutes till it is successfull. If it´s successfull than it´ll not start again tilll the downloaded trojan is deleted:) !IMPORTANT NOTES!- In the config application make sure that when it asks you for executable that you put RunMe.exe, or it´ll not work at all. Also, GR.exe will not copy itself to the c:\ dir & add itself to the reg. Getting Started Step#1. Upload your favorite trojan or whatever to your ftp site & rename it RunME.exe(Case Sensitive). Step#2. Run Config.exe & specify the required info. Step#3. Give the GR Trojan file to a victim in some form or another. Step#4. Go to your ftp site & look for The_Trojan_Was_Uploaded. If it is there then trojan was successfully downloaded. iMPORTANT iNFO The trojan file does not require any VB runtime any file because it was not coded in VB. BUT, the config.exe application requires VB6 runtimes. Sorry about that. I had probs with making it in c++.´

This RAT is also known as:

•GR.
• Win32.TrojanDropper.Win32.GR.
• Win32.TrojanRunner.GR.

>> Delete Golden Retriever automatically - Download Spyware Doctor

Golden Retriever Removal Instructions
Kill the following processes mstask.exe, grcfg.exe
Remove the following files grcfg.exe, read-me.bat, read-me.pif. mstask.exe in c:\

Bookmark Golden Retriever page

Previous Spyware: Remove Golden Eye 2.2

Next Spyware: Remove Golden Retriever 1.1B