I am a part-time webmistress and just ran across this virus' handiwork and thought that some of you might be interested in it, how it works and how to remove it. It causes no damage to your computer but could be stealing traffic from sites you publish or "re-designing" the sites tht you visit.

So it's not really a virus, it's more like a hijacker.

Thanks for the info. Informative.

Download and run the latest version of Ad-Aware. You might be amazed how many virus-like spyware programs are running on your computer.

I'm sorry, but anyone would be crazy to download software from this site without further proof from a reputable virus site such as Symantec.

We already had a virus hoax on a previous thread today. The virus invited people to throw out a file which turned out to be an important part of the Windows file system. Stories like this have to be verified.

I personally do not download software from any site with which I am not well acquainted.

I personally do not download software from any site with which I am not well acquainted.

I'll do you one better - I don't download attachments without scanning them, even from people I know well. Anybody who does is just asking for a worm.

I can't find TopText and Surf+ at Symantec of McAfee. They maybe spyware programs, but I doubt they're viruses.

And NEVER download a program unless you know it's from a reputable source.

You obviously didn't read the article or you would know that it HAS been verified. There are a great many sites that have information and removal instruction regarding this "spyware". Go to Google.com and type in "ezula" or "yellow link virus". When these yellow links "magically" started appearing on pages I had designed, publish and host, I started digging to find out what the heck was going on and wanted to share what I had come across.

Believe me, I would NEVER dream of posting an article that I hadn't already verified seven ways from Sunday but, thank you for your concern.

I didn't need to read the article!! It wasn't a site I recognized. They could be anybody saying anything. Earlier this evening we had a poster warn everybody about a virus which could not be detected except by locating a file in your windows directory and deleting it. This unfortunate soul had actually deleted part of his file system and was begging the rest of us to do the same. Internet hoaxes are a dime a dozen.

I did find this link to slashdot, who I trust:

http://slashdot.org/features/01/07/31/2015216.shtml

The slashdot article described the problem, so it does seem to be a legitimate problem. Their article provided several links, none of which was to the site to which you have linked.

Can you swear on a stack of Bibles that the downloads to which you post don't insert their own worm into the system???

Trust everyone explicitly, but always cut the cards. - W. C. Fields

Micro$oft has their own version of this. They called it Smart Tags and included it in some beta versions of IE 6.0 and Windows XP. As reported by CNET on June 27, 2001:

Microsoft has decided to exclude Smart Tags--a technology that could alter the Web-surfing habits of millions of consumers--from the version of Windows XP that will ship later this year.

As first reported by CNET News.com, the Redmond, Wash.-based company included Smart Tags in the most recent test versions of Windows XP, an upgrade to the Windows operating system. But a company spokesman said Wednesday that the technology will not be included in the final version that will be released Oct. 25.

With Smart Tags, Microsoft can link any word on a Web page to another site chosen by the company. For example, if a person were reading a story about traveling, the word "airline" could include a link that would divert the reader to an airline or travel service chosen by Microsoft.

Thank you much for the input and insight. I thought I remembered seeing something about software that was designed to 'steal' internet traffic but hadn't thought anything else about until sites I had designed started showing up on my computer with these "yellow links". After an hour or so of research, I finally found out that the eZula plug-in downloads automatically with the KaZaa (mP3) software without the user's knowledge and despite using ZoneAlarm and anti-virus protection. The entire family here knows not to open email attachments nor run scripts from unknown sites but this was something new for us.

Thanks again for the input. That's why I posted this article here. I just KNEW that some of my fellow Freepers would have a handle on this. Thanks!

BTW: I have worked for a mainframe computer company in the states for 25 years and deal with virus hoaxes at our site about twice a year.

We have to remember that (1) this country is currently at war, (2) our computer networks have been cited as a possible target.

If I were going to spread a virus, one scenario would be to create a threat which was not detectable or treated by the current virus scanning systems. The second step would be to provide the "cure" which just happened to insert the real virus into your computer. It's a lot easier to insert a virus into a computer from a runnnig program than piggybacked on an email enclosure.

Droves of well meaning people would willingly download and install the "cure"!

The Slashdot article suggests that the user of the Ezula software can "opt out" of the top text behavior, but they don't give the details. They suggest links back the the Ezula site.

http://slashdot.org/features/01/07/31/2015216.shtml

What I have found out this morning is that you can uninstall the TopText plug-in through the Windows Add/Remove programs panel, however, you must then go to the Windows/system32 directory and remove a file named stub.exe or TopText will reinstall itself on the sly. There are also "cleaners" available from several sources including LavaSoft that will perform both of these actions automatically.

Thanks for your input - this is how I (we all) learn.

"...I didn't need to read the article!! It wasn't a site I recognized..."
** *** ** *** ** *** ** *** ** ***

WOW !!

You've got to be the first human, on record, that has visited every Trust-Worthy site on the whole internet - AND - can recognize them all by only their URL.

I am truly impressed...
..and I mean that..!! !!