What is gs.exe?
gs.exe is a legitimate process file popularly known as Greg s Command Shell. It is associated with software GS.EXE - Greg s Command Shell developed by unknown. It is located in C:\Program Files by default.
Malware programmers write virus files with malicious scripts and save them as gs.exe with an intention to spread virus on the internet.
Affected Platforms: Windows OS
How to determine if your computer is infected with gs.exe malware?
Look out for the these symptoms to check if your PC is infected with gs.exe malware:
- Unstable internet connection
- gs.exe occupies extra CPU space
- PC processing speed slows down
- Browser often redirects to irrelevant websites
- Browser is bombarded with hordes of popup ads
- Computer screen freezes repeatedly
Take the following steps to diagnose your PC for possible gs.exe malware attack:
Step 1: Simultaneously press CTRL+ALT+DEL keys to open Task Manager.
Step 2: If you notice the file located outside C:\Program Files perform an antivirus scan to get rid of the malware.
How to remove gs.exe malware from system using Comodo Antivirus?
Step 1: Download our award-winning Comodo Free Antivirus.
Step 2: Installation configuration frames will be displayed. Select the configuration you would like to apply.
Step 3: Select Customize Configuration option and arrange installers, configuration, and file location.
Step 4: Restart your PC after the installation gets over
Step 5: Wait for Comodo Internet Security to update the antivirus.
Step 6: Proceed with the quick scan that automatically begins after the update.
Step 7: If threats are found during the scanning, you will be notified through an alert screen.
Step 8: Comodo Antivirus will remove gs.exe malware from your computer including all other malwares!
| No. | Company | File Type | SHA1 | MD5 | Malware Name |
Digitally Signed |
File Version |
Product Version |
Submitted From |
Malware Behavior |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | N/A | Executable | d849ddd52091fbf3 7b8d7d81ca702e24 a91420b7 |
22ef019f002a3517 0437b4ebfc45737e |
Virus.Win32. Ramnit.A |
No | N/A | N/A |  Argentina |
N/A |
| 2 | NULL | Executable | 4050bf2c0426b6de 399c4cfcfd10f822 b738e5ec |
acf76ddd91598a32 1f0c4d779bd9cf34 |
Unclassified Malware |
No | 1, 3, 0, 1307 |
NULL |  Internal Submission |
N/A |
| 3 | N/A | Executable | b10a506af7198046 be02b7dd27323208 6f86af8b |
86a68290d5898fd5 8d9f52a7863b40f8 |
Application. Win32.HackTo ol.Binder.~A |
No | N/A | N/A | Internal Submission |
N/A |
| 4 | 剑世山庄(www.jxsf8.com) | Executable | 1bd38db6c83a7075 386e235e9d84bfd3 5b9404f2 |
1195312c00f96a38 fe52d23a27ac5ac9 |
Unclassified Malware |
No | 3, 0, 0, 30 |
1.00.00.20 08 |
Internal Submission |
N/A |
| No. | Company | File Type | SHA1 | MD5 | Digitally Signed |
File Version |
Product Version |
Submitted From |
|---|---|---|---|---|---|---|---|---|
| 1 | N/A | Executable | 65b35e7a5d5bfb58 9eac163a31bf8010 8a1e5853 |
c815b2079e5aa322 f517fcbac3036552 |
No | N/A | N/A | 10.108.22.229/32 |
| 2 | N/A | Executable | fd45be3885a7d28c 3bb7a57830bdeaba f2c8492e |
de4af10d11dbe711 609ac898532e8753 |
No | N/A | N/A | Internal Submission |
| 3 | N/A | Executable | 7328cb7f4399843e d910d44342aff86c 5d835142 |
decae5c57f566281 80e5181e981a9f41 |
No | N/A | N/A |  United States |
| 4 | N/A | Executable | 4bf1543174ee8dc1 2ff2a77332e05a83 c56a7b20 |
41435513c676679e 8f405cb98fc5db03 |
No | N/A | N/A | 10.224.25.45/32 |
Hungary
