I'm probably being too technically nit-picky, but the program in question isn't
actually a Trojan, since it doesn't give anyone else access to your machine. It
IS, however, a pretty cheesy way for a company to trick people into advertising
its product. See the following link for the details:
http://www3.ca.com/Virus/Virus.asp?ID=5050
Gordon Glasgow
Renton, WA
> -----Original Message-----
> From: owner-datsun-roadsters@autox.team.net
> [mailto:owner-datsun-roadsters@autox.team.net]On Behalf Of Adam Bradley
> Sent: Monday, April 01, 2002 7:59 PM
> To: jeep007jonathan; datsun-roadsters@autox.team.net
> Subject: GOHIP alert! Re:
>
>
> jeep007jonathan and everyone else on the list:
>
> Do NOT click on the link on his message. It looked pretty much like
> the following:
>
> > Click here for Free Video!!
> > http://www.addresschanged_gohip.com/free_video/
>
> I added the addresschanged_ so the link wouldn't work. Here are the
> details on this near-virus and how to remove it:
>
> Gohip places a hidden executable file (Trojan) in the following
> location:
>
> "C:\Program files\Browserenh\Winstartup.exe".
>
> This executable changes your browser and email settings the first time
> you
> reboot your computer. Even if you remove all references from the
> browser and
> change your setting back to normal, it will reset them to Gohip's
> settings
> the next time you restart your computer. For this reason, we'll have to
> go
> into the Windows registry and manually remove all registry keys
> involving
> Gphip and their Trojan.
>
> The steps:
>
> 1. Stop the Trojan from running.
> 2. Delete the "C:\Program files\Browserenh\Winstartup.exe"file and
> folder.
> 3. Remove all entries from the Windows Registry.
> 4. Manually reset your browser and email settings.
> 5. Restart your computer.
>
> Step 1: Stopping it from running. Hit <ctrl>+<alt>+<del> to bring up
> the
> Windows task manager. Highlight "Winstartup" if present and select the
> "End
> Task" button. When a nag screen appears, confirm your desire to end the
> task. You may have to repeat this up to 3 times before the Trojan
> finally
> terminates.
>
> Step 2: Delete the Trojan and it's folder. From your start button, go
> to
> Start -> Settings -> Folder Options. Under the "View" tab, make sure
> "Show
> All Files" is checked. Them OK the changes and close out of the options
> screen.
>
> Open "My Computer" from the desktop, and open your "C" drive, then
> Program
> Files. Locate the "Browserenh" folder, highlight the folder, and hit
> the
> delete key on the keyboard. Confirm that you want it sent to the
> recycle
> bin.
>
> Step 3: Remove registry entries. From the Start button, select "Run"
> and
> type REGEDIT in the run window. When the registry editor comes up, hit
> the
> F3 key to bring up the search function. You will perform 3 searches.
>
> A: Search for "gohip". Every time it locates a "key", right click on
> the key
> and select "modify". Clear the the data field with the backspace key,
> and
> hit OK to save the changes. Hit F3 again to continue the search and
> clear
> all keys until the editor indicated you have finished the entire
> registry.
>
> B: Start from the top of the registry and search for "winstartup". As
> before, clear the data fields from any keys it finds. Keep searching
> until
> you finish the registry.
>
> C: Start fom the top and search for "Browserenh". This will locate a
> whole
> series of folders and subfolders on the left panel of the registry
> editor.
> Select the parent "Browserenh" folder, right click, and select
> "DELETE".
> Confirm the delete and exit the registry editor.
>
> Step 4: Reset your browser. In Internet Explorer or Netscape, reset
> your
> home page, search window page, and other pages to your desired
> settings.
> Change your email signature line back to your desired signature.
>
> Step 5: Restarting your computer. Empty your Recycle Bin so the Trojan
> is
> completely gone from your system. From your start button, go to run,
> and
> type "msconfig" and hit enter. When the Configuration Editor opens, go
> to
> the Startup tab, and look for "Winstartup"... And clear the check mark
> from
> the box for Winstartup if present. Ok your way out.
>
> If you made any changes, it will prompt you to reboot. If not, reboot
> your
> computer now. When it restarrs, you should be completely free of the
> changes
> Gohip forced on you. If you have any problems, post them to the group
> or
> email me privately.
>
>
> =====
> Thanks,
>
> Adam Bradley
> '70 Datsun 1600 Roadster SPL311-28181
> '66 Datsun PL411 sedan PL411-022447
> http://www.picturetrail.com/abend
> Yahoo! Tax Center - online filing with TurboTax
> http://http://taxes.yahoo.com/
>
> /// datsun-roadsters@autox.team.net mailing list
> /// Send admin requests to majordomo@autox.team.net or go to
> /// http://www.team.net/cgi-bin/majorcool
> /// Send list postings to datsun-roadsters@autox.team.net
/// datsun-roadsters@autox.team.net mailing list
|