;Template Description for Analyst:
;AnalystName: Enter your complete name
;AnalystEMailID: EMail ID of analyst
;Team: Specify the team you belong to: China, India, Romania or Ukraine
;Date: Define the date in dd-mmm-yyyy format, when you write or update this description, i.e. 10-JAN-2010
;Type: This should come from the malware name, like for Virus.Win32.Virut, Type is Virus
;Platform: This is always fixed as Win32 as of now
;Family: As this description belongs to
;Variant: If you are writing for a specific variant in a family, mention so, like Virus.Win32.Virut.CE
;OVERVIEW: Give a brief overview of malware behavior
;TECHNICAL_DESCRIPTION: Give a complete technical description
;SYMPTOMS: In case the system is infected with malware and there are any visible symptoms which can be identified by the end user, mention them, if any
;DISINFECTION: If there are manual steps which the user can use to remove the malware, like removing certain registry entries or files, they should be mentioned here.
;
;http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782790 link's "Removal instructions" can be a good example.
;Here are a few example links, where other vendors have published information in various
;http://www.symantec.com/security_response/writeup.jsp?docid=2009-020411-2802-99
;http://www.f-secure.com/v-descs/virus_w32_virut.shtml
;http://vil.nai.com/vil/content/v_154029.htm
;http://www.avast.com/eng/win32beagle.html
;http://free.avg.com/ww-en/66558
;http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782790
;This ini file should be filled in for every major variant and be attached to the related ticket in trac

[INFO]
AnalystName=Vaishnavi.V.K
AnalystEMailID=vaishnavik@comodo.com
Team=India
Date=23-FEB-2010
Type=TrojWare
Platform=Win32
Subtype=
Family=Goriadu
Variant=

[OVERVIEW]
It tries to redirect to various websites without the user's knowledge and pops up advertisements on the redirected web pages.

[TECHNICAL_DESCRIPTION]
This is a dynamic link library (DLL) file.
It changes the start page of Internet Explorer. It redirects to various websites and displays popup advertisements. It tries to connect to some of the sites listed below:
http://www.google.cn/advanced_search?hl=zh-CN
http://www.google.cn/preferences?hl=zh-CN
http://www.google.cn/language_tools?hl=zh-CN
http://www.google.cn/intl/zh-CN/ads/
http://www.google.cn/intl/zh-CN/privacy.html
http://check.pathtome.com/mspintcheck.html

[SYMPTOMS]

[DISINFECTION]