Gary....I know how you feel, I just went thru 3 days getting my system staightened out. Do search for brasil.exe..on your system.also known by other names, but that's a bad one. -Ed- Tel-Tek Electronic. Ontario-Canada teltek2@xxxxxxxxxxxx ----- Original Message ----- From: "Gary McCartney" <number63@xxxxxxxxxxxxx> To: <techassist@xxxxxxxxxxxxx> Sent: Saturday, October 26, 2002 11:16 PM Subject: [TechAssist] security problems today > > I've had a busy day keeping my computer safe. > > First, I received several klez32 vir. and Norton AV 2002 picked them all > up no problem, except after quaranteening it one time, my inbox froze > (Netscape 4.79). I restarted Netscape and it wouldn't allow me to access > my inbox at all. Then I scanned my whole system for vir. > but Norton found nothing. I was lucky in finding what was causing the > problem. After pressing "Control/Alt/Delete" to go into the Win 2000 > task manager, in the processes tab, Netscape was shown as still running > even though I had closed it down. I clicked on the line and closed > Netscape from there, then I could get my mail again. What a relief. > > Second, I noticed an ICON on my desktop that didn't belong there. It > said, "GO IN.EXE" > I did not click on it, fearing an uninvited guest placed it there. I did > a search on Google and found out that it was an uninvited dial-up > connection installed in Dial-up Networking. If I would have clicked on > the icon, I think it would have dialed up an overseas 1-900 number and > I'd been charged hundreds of bucks for the call. > > I deleted everything from my files relating to "go in.exe" plus I > scanned my registry for any keys, plus I did a Norton Win Doctor on my > hard drive. This removes obsolete or bad keys from your registry. Then I > deleted temp internet files from IE and cleared all my Netscape cache. > > Then I rebooted and the dial-up connection is gone, but the warning is > that it could come back, maybe days later. I searched Symantec's site > but they don't seem to know about it. I will be forwarding this email to > them. > > I didn't find a lot of info on the net regarding this, but here is what > another person had to say about it: > > > > > > SECURITY ALERT FOR PERSONAL COMPUTER USERS: I just learned today of a > program call "go in.exe" that will be surreptiously installed on your > computer from surfing > the web, usually there will be an invisible java program on a website of > the type that collect stats on browser hits, that installs this on your > harddrive. What it does is Change > the Default for your dialup connection and redirect it to their system. > Then when you dialup, instead of your common carrier for $19.95 a month > or whatever you are paying > for internet connection, they are using overseas long distance lines and > you may then get a bill for thousands of dollars. I didn't get the > details on how they would attempt to > collect the money from you, but it would come under the auspices of > "computer crime." However, the crime occurs in your area, and my finding > so far is that local law > enforcement officers as a rule do not have "the first clue!" > > Everyone should check their .exe files on the computer, and take note of > any that look suspicious. You can do this by going to your START MENU, > select FIND, then type > ASTERISK DOT EXE in this format *.exe and then click FIND, it will LIST > every program and you can then find out the nature of it by selecting > FILE then PROPERTIES. Don't > remove anything before you make sure that it is not an operating system > file, or check with a computer expert, but you can temporarily disable > it by changing the file to > "READ ONLY." > > > > -- > > > > Gary McCartney > > McCartney Electronics > 7134 Fife Rd, RR 7 > Guelph Ontario Canada N1H 6J4 > Fax: (519)821-1530 > email: number63 (at) inetsonic.com > > ------------------------------------------ > To REMOVE your email address, click here: > http://www.tech-assist.org/unsubb.html > To CHANGE your email address, click here: > http://www.techassist.net/forms/change.html > ------------------------------------------ > ***NEW*** Tips Added Instantly!!!*** > Submit Repair Tips here: > http://www.tech-assist.org/secure/tip/ ------------------------------------------ To REMOVE your email address, click here: http://www.tech-assist.org/unsubb.html To CHANGE your email address, click here: http://www.techassist.net/forms/change.html ------------------------------------------ ***NEW*** Tips Added Instantly!!!*** Submit Repair Tips here: http://www.tech-assist.org/secure/tip/