Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account

Removal instructions for Ginemo

- - - - -

  • Please log in to reply
No replies to this topic



    Spyware Veteran

  • GeekU Moderator
  • 32,028 posts
Content is republished with permission from Malwarebytes.

What is Ginemo?

The Malwarebytes research team has determined that Ginemo is ransomware. These so-called "ransomware" try to trick you into paying a ransom to get back control over your system.

How do I know if my computer is affected by Ginemo?

You may see this screen that keeps refreshing itself, effectively locking up your computer:


The ransomware may be targeted at people who can't read Russian as the text on the screen says:

Good bye stupid
How did Ginemo get on my computer?

Ransomwares use different methods for distributing themselves. This particular one was installed by a trojan.

How do I remove Ginemo?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application, but due to the nature of the infection this will require some extra actions.

Method 1:
  • In the screen use the buttons to enter the displayed password "690717803018521"
  • The button below the numbers can be used to clear the input box, in case you made a mistake.
  • Use the upper right hand button to enter the password
  • The desktop will be accessible again and you can continue using the instructions below (under "Scan")
Method 2:
To use this method you will need a second user profile.
  • Use the keyboard combination Ctrl-Alt-Del and choose "Switch User" from the menu
  • Continue using the instructions below (under "Scan")
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • If an update is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Ginemo?
  • No, Malwarebytes' Anti-Malware removes Ginemo completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Tech Supprt Scam.


Technical details for experts

You may see these entries in FRST logs:

 HKCU\..\RunOnce: [userini] C:\Users\{username}\AppData\Roaming\Sdat.exe [446464 2016-10-24] () 
 HKCU\...\Winlogon: [Shell] C:\Users\{username}\AppData\Roaming\Sdat.exe <==== ATTENTION
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware

Scan Date: 10/24/2016
Scan Time: 10:26 AM
Logfile: mbamGinero.txt
Administrator: Yes

Malware Database: v2016.10.24.01
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325974
Time Elapsed: 9 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.RNS, C:\Users\{username}\AppData\Roaming\Sdat.exe, Quarantined, [04fd5c41d3c795a1de6ac43dcd37748c], 

Physical Sectors: 0
(No malicious items detected)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.