Home / Spyware Help / GoBot2 Removal Guide

GoBot2 Removal Guide

by 0 Comments

Do you know what GoBot2 is?

GoBot2 is a Trojan infection that can run on the target system for a long time before anyone even notices it’s there. Like most of the Trojan infections, it has wide functionality, and whatever it performs on the target system, depends on the people who control it.

In this description, we will go through several functions of this Trojan, and we will also discuss one of the more prominent cases of this infection. Also, at the bottom of this page, you will find the manual removal instructions you can use to delete GoBot2 for good.

This infection is written in the Go programming language, and it can be used across different platforms. It’s also an open-source application, which means that anyone can acquire the code and then edit it based on their needs. So when someone gets attacked with GoBot2 that has been heavily customized, it is very likely that the culprit behind the attack is no longer the original creator of the malware.

For example, back in July, it was reported that a customized version of GoBot2 is part of an ongoing malware campaign that uses torrent websites to spread around. The campaign mostly was spread through torrent sites that shared South Korean TV shows and movies. Instead of downloading a TV drama series, users were tricked into installing a Trojan on their computers, which allowed the attackers to control the infected computer remotely.

Please note that this particular version of GoBot2 is intended for South Korea, and it is not prevalent in other countries, although it has been detected in China and Taiwan as well. This version of GoBot2 gives us an insight into how different versions of this Trojan might spread around.

As mentioned, GoBot2 intended for South Korea targets torrent sites. The malware installer files pretend to be Korean movies and TV shows, and sometimes even Korean game installers. There is hardly a way to check whether the file really carries the media you want before running it. Of course, if you download a torrent file (and do not launch it through the magnet link), you can always scan the file with a security tool before you launch it. If your antispyware application is updated to the latest definitions, it should detect something suspicious about the file, and you would be able to avoid a malicious infection.

Nevertheless, if users open the compromised file, it usually launches an LNK type file (while users think they are about to open a media file), and this file executes the malware. At the same time, it also opens the original file, and this is what tricks users into thinking that nothing has gone wrong.

For the most part, GoBot2 is a rather straightforward malware, and it executes several Windows commands behind the user’s back. It can run the Command prompt, shutdown and restart the computer, close the Task Manager, and so on. The main point of GoBot2 is to turn the affected computer into a bot that is connected to a botnet. Consequently, the multiple computers infected by this Trojan can, later on, be used to execute DDoS (distributed denial of service) attacks on a particular victim. The infected computer can also access a number of websites without the user’s knowledge.

With GoBot2 running on the infected system, it is common to experience automatic system shutdowns and restarts; the program may also change your desktop’s background. Without your permission, it can seed torrents that you have downloaded, and it can even copy itself into public cloud storage services. For instance, if you use Dropbox, Google Drive, or OneDrive services, the malware might find its way into your cloud drives, too.

So, what should you do to get rid of GoBot2? First, regular system scans are important if you want to detect Trojans as soon as possible. Also, it would be a good idea to invest in a legitimate security tool that would help you terminate this intruder automatically. Manual removal is possible, but it is not recommended unless you are an experienced computer user. Should you have more questions about this infection or your computer security in general, please do not hesitate to leave us a comment.

How to Remove GoBot2

  1. Press Win+R and type %ALLUSERSPROFILE%. Click OK.
  2. Go to Microsoft\Windows\Start Menu\Programs\Startup.
  3. Delete the SeVntneDUq.exe and 4PWiBZRy5Q.exe files.
  4. Press Win+R again and type %AppData%. Click OK.
  5. Go to Microsoft\Windows\Start Menu\Programs\Startup.
  6. Delete the SeVntneDUq.exe file.
  7. Press Win+R and type %WINDIR%. Click OK.
  8. Delete the 4KOAwEwjvo6.exe file.
  9. Scan your computer with SpyHunter.

In non-techie terms:

It might be hard for regular users to notice the likes of GoBot2, but this Trojan could literally turn your computer into a zombie. Please run regular system security scans to protect your PC from this threat. Also, be careful about the files you download from p2p and other file-sharing websites. Trojans often masquerade as something useful, so they could trick users into downloading them. It might be easier to remove GoBot2 and deal with its consequences as opposed to a ransomware infection, but it’s better to avoid dealing with it altogether.