
Gimemo Trojan

Posted: August 20, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 79
First Seen: August 20, 2012
OS(es) Affected: Windows

The Gimemo Trojan is a Kaspersky-brand detection for various ransomware Trojans. It can also encompass PC threats that are unable to distribute themselves, PC threats that infect new computers through USB drives or networks (such as worms) and even Trojan downloaders. However, the foremost function of members of the Gimemo Trojan family is to display misleading legal warnings that lock down your PC until you transfer a specified amount of money to the Gimemo Trojan's criminal partners. The exact nature of these warning messages can vary, since many ransomware infections like the Gimemo Trojan will attempt to configure their pop-up alerts based on the victim's IP address (and corresponding physical location). Gimemo Trojans and related PC threats should always be removed by blocking their startup mechanisms (via techniques discussed further below) and then scanning your PC with suitable anti-malware applications.

When a Police Warning is a Gimemo Trojan in Hiding

The Gimemo Trojan (or technically, Trojan-Ransom.Win32.Gimemo) is a range of Trojans with various features, all of which should be considered harmful to your PC. The defining trait of the Gimemo Trojan family is its ability to display fraudulent pop-up warnings that accuse your PC of being involved in criminal activities, such as viewing forbidden types of pornography or downloading copyright-protected media content. Malware analysts have seen examples of Gimemo Trojans and related PC threats that tailor their contents to display regional authorities for the given PC's country. These pop-ups tend to request that you send a Ukash, Paysafecard, PayPal or mobile phone-based payment to acquire a code that will unlock your computer.

Since Gimemo Trojan pop-ups are even more illegal than the crimes they warn you about, such criminal alerts never need to be taken seriously except insofar as they're indicators of a ransomware Trojan on your PC. Most ransomware, including Gimemo Trojans, will claim that you will be subject to other penalties, including potential imprisonment, if you fail to pay their fines, but these threats can be considered fraudulent like the rest of a Gimemo Trojan pop-up. Deleting a Gimemo Trojan with anti-malware software may first require you to disable the Gimemo Trojan with one of the following methods:

  • Booting your PC into Safe Mode, which is available to Windows machines by tapping F8 while you reboot.
  • If Safe Mode fails or is inapplicable, you may also use a USB drive to boot a clean OS.

In either case, SpywareRemove.com malware researchers note that you will know you have deactivated the Gimemo Trojan successfully when no screen-blocking pop-up alert appears as your operating system launches.

Why a Little Pop-up Can Be the Least of Gimemo Trojan's Havoc

The Gimemo Trojan family can also include Trojans with other features besides ransomware-related attacks. Many of these members of the Gimemo Trojan family are, themselves, high-level PC threats or promote high-level threats like banking Trojans, as SpywareRemove.com malware researchers have noted with the following examples:

  • Trojan-Ransom.Win32.Gimemo.qln is a worm that uses Autorun exploits to infect new PCs via network-shared directories and removable media devices (USB flash drives, etc.).
  • Trojan-Ransom.Win32.Gimemo.uuh is a non-reproducing Trojan that disables the Task Manager while making contact with a C&C server. Such servers can be used for backdoor-related attacks against your PC.
  • Trojan-Ransom.Win32.Gimemo.rjc is used to download and install spyware Trojans onto your PC, with an emphasis on members of the Bancos family that target South American bank accounts.
