How to remove GodLoader

What is GodLoader

GodLoader is a sophisticated piece of malware that leverages the flexibility of the Godot Engine, an open-source game development platform, to infiltrate systems across multiple operating environments, including Windows, macOS, Linux, Android, and iOS. This malware is propagated through a deceptive network known as the Stargazers Ghost Network on GitHub, where malicious actors disguise harmful scripts within legitimate game files. By exploiting the .pck file system used by the Godot Engine to store game assets, GodLoader manages to execute malicious code when these files are loaded, often bypassing traditional antivirus detection. This Trojan-type malware is primarily used to deliver payloads such as the RedLine information stealer and the XMRig cryptocurrency miner, which can lead to significant issues like identity theft, financial loss, and degraded system performance. Despite its complex nature, GodLoader remains undetectable by most antivirus tools, posing a severe threat to users who unknowingly download infected game mods or other content. The absence of visible symptoms makes it particularly dangerous, as it operates silently, stealing sensitive data and consuming system resources without alerting the user. To mitigate the risk, users should ensure they download software only from trusted sources and maintain up-to-date security tools capable of detecting sophisticated threats.

How GodLoader infected your system

GodLoader is a sophisticated piece of malware that infiltrates computers primarily through compromised game assets associated with the Godot Engine, a popular open-source game development platform. Attackers utilize the Godot Engine’s flexibility, particularly its .pck files used for game asset storage, to conceal malicious code, which gets executed when unsuspecting users download and run these files as part of a game or mod. This malware is often distributed via the Stargazers Ghost Network on GitHub, where cybercriminals disguise the harmful files as legitimate content, thereby bypassing traditional antivirus detection methods. Once inside the system, GodLoader serves as a conduit, deploying additional malicious payloads like information stealers and cryptocurrency miners, which can result in severe issues such as identity theft and degraded system performance. The cross-platform nature of GodLoader means it poses a threat to various operating systems, including Windows, macOS, and Linux, making it a versatile and elusive threat. Users can mitigate the risk of infection by ensuring they only download software from trusted sources and by regularly updating their security measures.

1. Download GodLoader Removal Tool
2. Use Windows Malicious Software Removal Tool to remove GodLoader
3. Use Autoruns to remove GodLoader
4. Files, folders and registry keys of GodLoader
5. Other aliases of GodLoader
6. How to protect from threats, like GodLoader

Remove GodLoader manually

Manual removal of GodLoader by inexperienced users may become a difficult task because it does not create entries in Add/Remove Programs under Control Panel, does not install browser extensions, and uses random file names. However, there are pre-installed instruments in the Windows system, that allow you to detect and remove malware without using third-party applications. One of them is Windows Malicious Software Removal Tool. It comes with Windows Update in Windows 11, 10, 8. 8.1. For older operating system you can download it here: 64-bit version | 32-bit version.

Remove GodLoader using Windows Malicious Software Removal Tool

1. Type mrt in the search box near Start Menu.
2. Run mrt clicking on found item.
3. Click Next button.
4. Choose one of the scan modes Quick scan, Full scan, Customize scan (Full scan recommended).
5. Click Next button.
6. Click on View detailed results of the scan link to view the scan details.
7. Click Finish button.

Remove GodLoader using Autoruns

GodLoader often sets up to run at Windows startup as an Autorun entry or Scheduled task.

1. Download Autoruns using this link.
2. Extract the archive and run Autoruns.exe file.
3. In Options menu make sure there are checkboxes near Hide Empty Locations, Hide Microsoft Entries, and Hide Windows Entries.
4. Search for suspicious entries with weird names or running from locations like: C:\{username}\AppData\Roaming.
5. Right-click on suspicious entry and choose Delete. This will prevent the threat to run at startup.
6. Switch to Scheduled Tasks tab and do the same.
7. To remove files themselves, click on suspicious entries and choose Jump to Entry…. Remove files or registry keys found.

Remove files, folder and registry keys of GodLoader

GodLoader files and folders


{randomname}.exe


GodLoader registry keys


no information


Aliases of GodLoader

How to protect from threats, like GodLoader, in future

Standard Windows protection or any decent third-party antivirus (Norton, Avast, Kaspersky) should be able to detect and remove GodLoader. However, if you got infected with GodLoader with existing and updated security software, you may consider changing it. To feel safe and protect your PC from GodLoader on all levels (browser, e-mail attachments, Word or Excel scripts, file system) we recommend a leading provider of internet security solutions – BitDefender. Its solutions both for home and business users proved to be one of the most advanced and effective. Choose and get your BitDefender protection via the button below:

Download BitDefender