1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar



Trojan.PSW.Goga, Goga



Goga is a trojan that is executed from a malicious Rich Text Formatted (.rtf) document. Due a security vulnerability, macros are able to execute from a template pointed by a RTF file without notification to the user in Microsoft Word.

Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Technical Details

The macro in the template drops and executes an utility that collects dial-up settings from Windows. This includes the user name and the password. This information is then sent to another web site.

The template is no longer available on the web.

Further information and a fix for the vulnerability is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/MS01-028.asp


F-Secure Anti-Virus detects this trojan with updates published at June 15th, 2001.

Technical Details: Katrin Tocheva, Gergely Erdelyi and Sami Rautiainen, F-Secure; June 2001

Submit a sample

Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Scan and clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free