Antivirus and Security Software from Sophos

Troj/Gina

Summary

 
Detected by All Sophos products

Action

Please follow the instructions for removing Trojans.

Windows NT/2000

In Windows NT/2000 you will need to get a new copy of the file MSGINA.DLL from a backup, original media, or from another computer.

You will also need to delete the registry entry shown below (the GinaDLL value under the Winlogon key). Removing it is optional in Windows 95/98/Me.

At the Windows taskbar, select Start|Run. Type 'Regedit' and press return. The registry editor will open.

Before you edit the registry, you should make a backup. In the Registry menu, click on Export Registry File, in Export Range select All, then save your registry as Backup.

Locate the following entry under HKEY_LOCAL_MACHINE:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL = C:\windows\system32\newgina.dll

and delete the GinaDLL value if it exists. Do not delete the Winlogon key itself.

Close the Registry Editor and restart your computer.

Check the contents of the file C:\543567.tmp. Change any passwords and other credentials recorded there, then delete this file.

More Information

Troj/Gina is a DLL that replaces MSGINA.DLL, the authentication library in Windows NT. It is installed by copying it to C:\windows\system32\newgina.dll and adding the registry entry

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL = C:\windows\system32\newgina.dll

Once installed it logs passwords and other information in plain text to C:\543567.tmp.
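
An added example, not Sophos code: a Python check that parses a Regedit export, such as the backup made in the removal steps, and reports whether the Winlogon GinaDLL value is set to the path described above. The function names and sample exports are constructed for illustration; the function takes already-decoded text (Windows 2000 exports are UTF-16).

```python
import re

# Key and path as given on this page (compared case-insensitively).
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
TROJ_PATH = r"c:\windows\system32\newgina.dll"
PAIR = re.compile(r'"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # String data in a .reg file escapes backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", s)

def find_gina_dll(reg_text):
    """Return the GinaDLL string stored under the Winlogon key, or None if absent."""
    section = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()      # entering a new key
        elif section == WINLOGON:
            m = PAIR.match(line)
            if m and unescape(m.group(1)).lower() == "ginadll":
                return unescape(m.group(2))
    return None

def check_export(reg_text):
    """Classify an export as 'default', 'troj-gina-path' or 'non-default'."""
    value = find_gina_dll(reg_text)
    if value is None:
        return ("default", None)              # no override: stock MSGINA.DLL is used
    if value.lower() == TROJ_PATH:
        return ("troj-gina-path", value)      # matches the path in this description
    return ("non-default", value)             # some other GINA: verify it is expected

# Constructed sample exports (not taken from a real machine).
INFECTED = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"GinaDLL"="C:\\windows\\system32\\newgina.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
'''
CLEAN = "\n".join(l for l in INFECTED.splitlines() if "GinaDLL" not in l)

if __name__ == "__main__":
    print(check_export(INFECTED))
    print(check_export(CLEAN))
```

A "non-default" result is not proof of infection, since legitimate software can also register its own GINA; it marks a machine whose logon DLL should be verified.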
