Home Forums Software Discussions General Software Topics Trojun.Goldun

  • General Software Topics

    Trojun.Goldun

    Posted by Simon Kay on 9 March 2006 at 04:18

    Does anybody know what to do with this?

    I’m trying to resurrect a laptop that caught this virus a while back. Never having had the time to do anything about it but now needing the laptop I reckon I should exorcise it. But how?

    What does the virus affect?

    Any answers welcomed.

    Thanks,

    Simon.

    Simon Kay replied 19 years, 7 months ago 4 Members · 7 Replies
  • 7 Replies

  • Shane Drew

    Member
    9 March 2006 at 04:47

    http://www.spywareguide.com/product_show.php?id=1964

    Hope this helps Simon

  • Simon Kay

    Member
    9 March 2006 at 23:18

    Thanks Shane. 😀

  • Nick Minall

    Member
    10 March 2006 at 07:55

    Can you do a clean install of the operating system?

    Nick

  • Simon Kay

    Member
    12 March 2006 at 00:31

    I don’t know Nick.
    There’s so much on it that would be disastrous if I lost it doing a system thingy. I’m not game to try, I’m not knowledgable enough.
    Might just leave it alone and abuse it everytime it comes up. Or I could fork out the $xxx to get the latest updated version of Norton and hope it does it.
    Cheers,

    Simon.

  • Dale Hughes

    Member
    12 March 2006 at 01:04

    When Trojan.Goldun is executed, it performs the following actions:

    Copies itself as %Windir%\wmedia16.exe.

    Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

    Adds the value:

    “Shell” = “%Windir%\wmedia16.exe”

    to the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Monitors Internet Explorer windows and steals user’s authentication information. It adds the following strings in the address bar:

    e-gold.com/acct/acct.asp
    e-gold.com/acct/accountinfo.asp
    e-gold.com/acct/login.html

    Arrives in an email message.

    The email will have the following characteristics:

    From: E-gold

    Subject:

    Attention! E-gold service pack
    MS Windows/Critical Error

    Attachment:

    setup.zip (contains the file setup.exe)
    MsWindowsUpdate.rar (contains the file MsWindowsUpdate.exe)

    Displays the archived file as an installer that patches the system but it actually drops and executes wmedia16.exe.

  • Nick Minall

    Member
    12 March 2006 at 08:54

    Try this link mate…

    http://www.symantec.com/home_homeoffice/index.html

    then > top things to do >free scan for viruses > then follow the instruction’s… good luck!

    Nick.

  • Simon Kay

    Member
    12 March 2006 at 09:03

    W 😮 W Dale,

    So you know a bit then, eh? 😀

    Thanks for the explaination, when it sinks in I’m sure it will be invaluable. Presumably it’s not quite as easy as going into the relevant directories and deleting what you have told me?

    Thanks to you too Nick. I’ll follow that link and see what happens.

    Cheers,

    Simon.

Log in to reply.

Start of Discussion
0 of 0 replies June 2018
Now

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .