jeep007jonathan and everyone else on the list:
Do NOT click on the link on his message. It looked pretty much like
the following:
> Click here for Free Video!!
> http://www.addresschanged_gohip.com/free_video/
I added the addresschanged_ so the link wouldn't work. Here are the
details on this near-virus and how to remove it:
Gohip places a hidden executable file (Trojan) in the following
location:
"C:\Program files\Browserenh\Winstartup.exe".
This executable changes your browser and email settings the first time
you
reboot your computer. Even if you remove all references from the
browser and
change your setting back to normal, it will reset them to Gohip's
settings
the next time you restart your computer. For this reason, we'll have to
go
into the Windows registry and manually remove all registry keys
involving
Gphip and their Trojan.
The steps:
1. Stop the Trojan from running.
2. Delete the "C:\Program files\Browserenh\Winstartup.exe"file and
folder.
3. Remove all entries from the Windows Registry.
4. Manually reset your browser and email settings.
5. Restart your computer.
Step 1: Stopping it from running. Hit <ctrl>+<alt>+<del> to bring up
the
Windows task manager. Highlight "Winstartup" if present and select the
"End
Task" button. When a nag screen appears, confirm your desire to end the
task. You may have to repeat this up to 3 times before the Trojan
finally
terminates.
Step 2: Delete the Trojan and it's folder. From your start button, go
to
Start -> Settings -> Folder Options. Under the "View" tab, make sure
"Show
All Files" is checked. Them OK the changes and close out of the options
screen.
Open "My Computer" from the desktop, and open your "C" drive, then
Program
Files. Locate the "Browserenh" folder, highlight the folder, and hit
the
delete key on the keyboard. Confirm that you want it sent to the
recycle
bin.
Step 3: Remove registry entries. From the Start button, select "Run"
and
type REGEDIT in the run window. When the registry editor comes up, hit
the
F3 key to bring up the search function. You will perform 3 searches.
A: Search for "gohip". Every time it locates a "key", right click on
the key
and select "modify". Clear the the data field with the backspace key,
and
hit OK to save the changes. Hit F3 again to continue the search and
clear
all keys until the editor indicated you have finished the entire
registry.
B: Start from the top of the registry and search for "winstartup". As
before, clear the data fields from any keys it finds. Keep searching
until
you finish the registry.
C: Start fom the top and search for "Browserenh". This will locate a
whole
series of folders and subfolders on the left panel of the registry
editor.
Select the parent "Browserenh" folder, right click, and select
"DELETE".
Confirm the delete and exit the registry editor.
Step 4: Reset your browser. In Internet Explorer or Netscape, reset
your
home page, search window page, and other pages to your desired
settings.
Change your email signature line back to your desired signature.
Step 5: Restarting your computer. Empty your Recycle Bin so the Trojan
is
completely gone from your system. From your start button, go to run,
and
type "msconfig" and hit enter. When the Configuration Editor opens, go
to
the Startup tab, and look for "Winstartup"... And clear the check mark
from
the box for Winstartup if present. Ok your way out.
If you made any changes, it will prompt you to reboot. If not, reboot
your
computer now. When it restarrs, you should be completely free of the
changes
Gohip forced on you. If you have any problems, post them to the group
or
email me privately.
=====
Thanks,
Adam Bradley
'70 Datsun 1600 Roadster SPL311-28181
'66 Datsun PL411 sedan PL411-022447
http://www.picturetrail.com/abend
Yahoo! Tax Center - online filing with TurboTax
http://http://taxes.yahoo.com/
/// datsun-roadsters@autox.team.net mailing list
|