gangnamgame Hijack Malware

  • This topic is locked
1 reply to this topic

#1 Nivius


  • Members
  • 2 posts
  • Gender:Male
  • Local time:03:15 PM

Posted 16 September 2015 - 08:58 AM

So first of all, I have fixed it, so this is more of a post so that people can find and fix it themselves!


The source of this malware seems to be suspicious "cracks" for games from the 3dm Group, and it started happening around 14-15 September 2015.


Tag words:  gangnamgame.net gangnamgame gangnamgame.org






This was first noticed when I started my computer and it opened up a fake site (http://gangnamgame.net/). Noticing this, I tried to start regedit to remove the command that starts it and begin my work with removing whatever installed this. But this virus/malware will stop programs from starting that are named specific things, like "Regedit.exe" and "mbam.exe", so it was troublesome to remove, as my normal antivirus, AVAST, did not find it.


You can stop it from starting at startup by using MSCONFIG, as it is not blocked! It goes under the name of something like:

"Operatingsystem Microsoft Windows", claimed to be made by "Microsoft Corporation", with the command (in my case and a few friends') "cmd.exe /c start http://gangnamgame.org && exit"


But to remove it completely I copied "mbam.exe", the exe file that runs Malwarebytes Anti-Malware, and pasted it in the same folder, changing the name of the file to "mbam - Kopia.exe" in my case. This enables MAM to start.


Update the database and scan.


This will find the malware and the changes made in Regedit, and Malwarebytes Anti-Malware can and will remove it.


Scan with CCleaner as well, to be sure, after you have restarted your computer.



I hope this helped!

Edited by Nivius, 16 September 2015 - 09:16 AM.
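
The startup entry described in the post above can also be found from a PowerShell prompt. This is an added example, not part of the original post: the helper name `Test-UrlLauncher` and the regular expression are assumptions made for illustration, and the second sample line is constructed.

```powershell
# Added example (not from the original post): find startup entries that open a
# web page through cmd.exe, like the command quoted in the post.

# Matches: cmd or cmd.exe, then /c, then "start", then an http(s) URL.
# PowerShell's -match is case-insensitive by default.
$UrlLauncherPattern = '\bcmd(\.exe)?\b.*/c\s+start\b.*https?://'

# Test-UrlLauncher is a hypothetical helper name chosen for this example.
function Test-UrlLauncher {
    param([string]$Command)
    return ($Command -match $UrlLauncherPattern)
}

# Self-check on constructed samples: the first is the command quoted in the
# post, the second is a made-up benign entry.
$samples = @(
    'cmd.exe /c start http://gangnamgame.org && exit',
    '"C:\Program Files\Example\updater.exe" /background'
)
foreach ($s in $samples) {
    '{0,-5}  {1}' -f (Test-UrlLauncher $s), $s
}

# Win32_StartupCommand lists commands that run at logon, taken from the
# Run registry keys and the Startup folders.
$hits = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { Test-UrlLauncher $_.Command } |
    Select-Object Name, Command, Location, User

if ($hits) {
    # Location shows which registry key or folder holds the entry.
    $hits | Format-List
} else {
    'No startup entry launches a URL through cmd.exe.'
}
```

The script only lists matching entries; the `Location` field shows where each one is registered so it can be disabled in MSCONFIG as the post describes.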



#2 pystryker


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Local time:08:15 AM

Posted 17 September 2015 - 06:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
