
Ghdrive32.exe

Posted: May 3, 2011

Ghdrive32.exe is a component of certain Trojans that install Ghdrive32.exe to enable unauthorized data transfers and harmful alterations to your PC security. Major signs of being infected by Ghdrive32.exe include unusual port activity and changed port settings, the appearance of randomly-named processes in the Windows Task Manager and, of course, the appearance of Ghdrive32.exe itself in your Windows system folder. You should combat Ghdrive32.exe by using dedicated anti-malware applications to remove Ghdrive32.exe and any related Trojans or other threats since Ghdrive32.exe isn't likely to infect a computer without a few malware cohorts in tow.

Ghdrive32.exe – A Fresh Trojan-Installed Threat to Your Ports

Ghdrive32.exe is a relatively recent infection, having been first observed in early April of 2011. Since Ghdrive32.exe is incapable of delivering and installing itself, the Trojan Troj/DwnLdr-IXK is responsible for this task. DwnLdr-IXK also hails from early April, and if your anti-malware scanners are out of date you could be highly vulnerable to Ghdrive32.exe attacks.

The Windows system folders are Ghdrive32.exe's favorite hiding spots; Ghdrive32.exe will hide in these folders despite any minor path variations from different versions of Windows. Besides concealing itself, Ghdrive32.exe will also hide its own running processes under randomized names and use startup Windows Registry entries so that Ghdrive32.exe can run without your consent.

Ghdrive32.exe's full capabilities haven't been documented as of yet, but it's known that Ghdrive32.exe is capable of producing outbound and inbound traffic and altering settings related to PC security (like which ports are open) to enable such traffic. These are primary signs of spyware and Trojans that can steal private information or enable remote attackers to control your PC.

How You Should Deal with Ghdrive32.exe

In addition to creating many different port openings, Ghdrive32.exe will establish unauthorized connections with multiple IP addresses and IRC servers. Ghdrive32.exe may also request information from various websites that are used as part of a complex web of dynamic links. Attempting to halt this behavior without deactivating Ghdrive32.exe is likely to prove futile. Keep in mind that Ghdrive32.exe will start with Windows due to the Registry changes, so you'll need to use an alternate startup mode to stop Ghdrive32.exe's attacks.

Safe Mode is the most easily-accessible option for disabling Ghdrive32.exe's startup, since any Windows user can access it by tapping F8 during the system start (before Windows begins to load). Booting into a pre-installed non-Windows operating system is also a viable option.

However, if you choose to stop Ghdrive32.exe from running, you should follow it up by removing Ghdrive32.exe with suitable anti-malware programs. A full system scan using the latest available threat definition updates should be able to catch both Ghdrive32.exe and the Trojan that delivered Ghdrive32.exe to your PC.

If you want to avoid getting infected by Ghdrive32.exe in the first place, consider exercising additional caution around file sources from the regions of Mexico, Israel, Australia and Sweden. These are currently reported as being the primary countries infected by Ghdrive32.exe.

File System Modifications

  • The following files were created in the system:
    C:\WINDOWS\ghdrive32.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup: "C:\WINDOWS\ghdrive32.exe"
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Microsoft Driver Setup: "C:\WINDOWS\ghdrive32.exe"
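A read-only PowerShell audit of the persistence locations listed above, added here as an example (not code from the original page). It assumes the value name and file name exactly as listed, and extends the check beyond the page by also looking at the HKCU counterparts of the two Run keys.

```powershell
# Added example (not from the original page): audit the two persistence
# locations listed above for the "Microsoft Driver Setup" value and the
# ghdrive32.exe file. Read-only: it reports findings, it removes nothing.
$valueName = 'Microsoft Driver Setup'
$fileName  = 'ghdrive32.exe'
# The two Run keys named on the page, plus their HKCU counterparts
# (an added assumption; the page lists HKLM entries only).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
)
$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
        # Flag the known value name, and any value whose data points at
        # the dropped file regardless of what the value was named.
        if ($p.Name -eq $valueName -or "$($p.Value)" -match [regex]::Escape($fileName)) {
            $findings += [pscustomobject]@{
                Location = 'Registry'
                Path     = "$key\$($p.Name)"
                Data     = "$($p.Value)"
            }
        }
    }
}
# The dropped file, resolved from the live Windows folder rather than a
# hard-coded C:\WINDOWS so the check survives the path variations noted above.
$filePath = Join-Path $env:windir $fileName
if (Test-Path $filePath) {
    $fi = Get-Item $filePath
    $findings += [pscustomobject]@{
        Location = 'File'
        Path     = $fi.FullName
        Data     = "size=$($fi.Length) created=$($fi.CreationTime)"
    }
}
if ($findings.Count -eq 0) {
    Write-Output 'No Ghdrive32.exe indicators found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so the HKLM keys are readable; any hit should be followed by the full anti-malware scan described above rather than manual deletion alone.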