Home Rogue Websites Gahsoft.com

Gahsoft.com

Posted: February 7, 2011

Gahsoft.com is a virus spread, just like you'd think, by the site of the same name. It has a strong synergy with rogue anti-virus programs and rogue-carrying viruses, particularly Antivirus .NET. Because of that synergy and the general proclivity of Gahsoft.com to hijack your browser, the site should be avoided at all costs, and any infections should be removed immediately. Disregard all its warning of infection, since Gahsoft.com is itself an infection and has no qualms about lying to your face.

Gahsoft.com is a Clean Veneer over Virus-Laden Rot

Gahsoft.com, being a virus, is unlikely to announce its arrival onto your hard drive. It will almost always try creep on without your knowledge, so it can do its illegal job with you none the wiser initially. You can best prevent it by avoiding unsafe websites. Although unsafe websites may look professional, take note of warning signs like not having "https" on the URL of the page that asks to enter sensitive information such as your credit card number and no functioning contact links for support.
 
The Gahsoft.com infection's foremost purpose is to snatch the reins of your browser. With control over your browsing, it will lead you to other dangerous sites to encourage you to download malware like rogue anti-virus programs. These rogue anti-virus programs, purporting themselves to be security software, will then steal your credit card information should you be careless enough to offer it. These redirections will occur very frequently and without your control, even when you're attempting to browse completely different sites. Popular search engines such as Google and Yahoo are particularly targeted. Your default homepage will also likely be altered.
 
This Gahsoft.com hijacker is barely getting started, though! Since it's not content with disabling your web browsing, Gahsoft.com also has the following secondary symptoms:

  • It will throw a delude of pop-ups on your screen. This is simply another way to get you to visit dangerous sites, by causing you to click on the pop-ups either deliberately or accidentally.
  • Your desktop image may change to one more to Gahsoft.com's liking.
  • Your system registry will be corrupted
  • .

  • Your system may slow down drastically
  • .

  • Programs and the operating system itself may start or shut down without any warning, for seemingly no reason.

The last attack Gahsoft.com forces you to endure is a series of error messages. These will usually notify you of a viral infection. Given the symptoms of Gahsoft.com, these errors are very believable! The telltale sign comes when these errors attempt to direct you to a site advertising a rogue 'product' or otherwise encourage you to perform an unsafe and obviously commercial action.

Don't Fall Under Gahsoft.com's Spell

The rotten combination of Gahsoft.com and Antivirus .NET will spoil your day if you give them your trust. Keep your money and your browser away from these two! If you think you're infected, you should be prepared to take any steps needed to remove these unwanted infections from your computer. Using a different and more secure browser might let you avoid this hijacker's website redirects, but this shouldn't be considered an alternative to deleting Gahsoft.com.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\[random]\
    2 %Temp%\[random]\[random].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:33921"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"HKEY_CURRENT_USER\Software\[random]
Loading...