Archive Helmet Icon Archive A Reconstructed © MegaSecurity Database

I Feel Lucky I Feel Very Lucky

GWGhost 2.72

Released 23 years, 11 months ago. May 2002

Copyright © MegaSecurity

By Machine_GW

GWGhost 2.72
Informations
From China
Author Machine_GW
Family GWGhost
Category Information Stealer
Version GWGhost 2.72
Released Date May 2002, 23 years, 11 months ago.
Additional Information
Server:
c:\WINDOWS\SYSTEM\scanregw.exe 

size: 35.072 bytes 

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry" 
Old data: C:\WINDOWS\scanregw.exe /autorun 
New data: C:\WINDOWS\SYSTEM\SCANREGW.EXE /autorun 

added:
c:\WINDOWS\SYSTEM\DXInput.dll

Author Information / Description
GWGhost v2.72

Raise a ghost for all passwords!
--------------------------------
GWGhost is a PassWord Stealer. The main purpose is to grab all the masked passwords appeared
on the screen. GWGhost will automatically detect which window contains masked passwords,
and then take a snapshot of all text information in that window. The information will
be sent to your mail-box at intervals. From v2.0 and on, GWGhost can also log key strokes
of applications. You can setup GWGhost about which applications will be logged.

Many products, for example, Glacier, scan all windows repeatly for passwords and slow
down the system. Other product, alternatively, scan periodically but just lose some 
important information when the password stays not long enough on the screen.

GWGhost use another technique to solve these problems. It sets MouseHook and KeyboardHook 
to the whole system so that it can determine when to carry out a scan. And it only 
scan one application each time. GWGhost is fast and silent!

Another advantage is that you will never be disturbed by network firewalls,
even they can impose per-application restrictions. That's because GWGhost inject 
itself into other applications and do not perform the mail sending routines by itself.

History
-------------------------------

v2.72
-> Bug fixed.
-> Added English Edition.

Machine_GW

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.