BackDoor-GZ
- Type: Trojan
- SubType: Remote Access
- Discovery Date: 08/28/2000
- Length: 424,960
- Minimum DAT: 4094 (09/06/2000)
- Updated DAT: 4406 (11/10/2004)
- Minimum Engine: 5.1.00
- Description Added: 08/28/2000
- Description Modified: 10/30/2000 9:59 AM (PT)
Characteristics
This is a Windows 9x Internet backdoor trojan. While it is running, it gives full access to the system over the Internet to anyone running the appropriate client software. The application hides itself from the Win9x task manager.
This trojan installs the file "NewsTick.exe" in the WINDOWS STARTUP folder and adds itself under the registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win-Amp=C:\WINDOWS\START MENU\PROGRAMS\STARTUP\NEWSTICK.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\WinRoute=C:\WINDOWS\START MENU\PROGRAMS\STARTUP\NEWSTICK.EXE
There are a couple of different versions of this trojan, so this is only one possible filename.
It writes the file "gonk.wnk" to the Windows System directory.
Symptoms
Existence of above-mentioned files and/or registry changes.
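The symptoms above can be checked offline against a REGEDIT4 registry export and a file listing. The script below is an added example, not part of the original description or of any vendor tool; the function names, the sample export, the sample paths and the Startup-folder heuristic are assumptions made for illustration.

```python
import re

# Autostart keys and value names from the description above (lower-cased).
CV = r"hkey_local_machine\software\microsoft\windows\currentversion"
KNOWN = {CV + r"\run": "win-amp", CV + r"\runservices": "winroute"}
STARTUP_DIR = r"\start menu\programs\startup" + "\\"
DROPPED = {"newstick.exe", "gonk.wnk"}  # file names given in the description

# One "name"="data" line of a REGEDIT4 export; backslash escapes are allowed.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo the backslash escaping used inside quoted export strings."""
    return re.sub(r"\\(.)", r"\1", s)

def scan_reg_export(text):
    """Return (value_name, data, reason) for each suspicious autostart value."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE_RE.match(line)
        if not m or key not in KNOWN:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if name.lower() == KNOWN[key]:
            findings.append((name, data, "value name listed for BackDoor-GZ"))
        elif STARTUP_DIR in data.lower():
            # Heuristic (assumption): other versions may use another file name.
            findings.append((name, data, "autostart value points into Startup"))
    return findings

def scan_file_list(paths):
    """Return the paths whose file name matches one given in the description."""
    return [p for p in paths
            if p.replace("/", "\\").rsplit("\\", 1)[-1].lower() in DROPPED]

# Constructed sample input, not taken from a real system.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Win-Amp"="C:\\WINDOWS\\START MENU\\PROGRAMS\\STARTUP\\NEWSTICK.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WinRoute"="C:\\WINDOWS\\START MENU\\PROGRAMS\\STARTUP\\UPDATER.EXE"
"Helper"="C:\\WINDOWS\\START MENU\\PROGRAMS\\STARTUP\\OTHER.EXE"
'''
SAMPLE_FILES = [r"C:\WINDOWS\SYSTEM\GONK.WNK", r"C:\WINDOWS\SYSTEM\USER.EXE"]

if __name__ == "__main__":
    for hit in scan_reg_export(SAMPLE_EXPORT) + scan_file_list(SAMPLE_FILES):
        print(hit)
```

A hit from the Startup-folder heuristic only marks an entry for review, since legitimate software can also register an autostart value there.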
Method of Infection
Running this trojan, intentionally or accidentally, installs it on the local system.
Removal
All Windows Users:
Use current engine and DAT files for detection and removal.
Manual Removal Instructions
- Delete the registry key(s) as mentioned above
- Restart the computer
- Delete the files mentioned above
Variants
N/A
Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Aliases
- BackDoor-GZ.svr
- W32/NewsTick