Troj/StartPa-BL

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/StartPa-BL is a Trojan which modifies several registry entries related to
Microsoft Internet Explorer.

This Trojan may copy itself into the Windows System32 folder using the
filename OLEHELP.EXE and set the following registry entry to ensure that it is
executed automatically upon system restart:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
olehelp = C:\<Windows System32>\OLEHELP.EXE

This registry entry will be created:

HKCU\Software\Microsoft\Internet Explorer\Main\
Search Bar = http://find4u.net/index.htm

These will be changed to hold the following values:

HKCU\Software\Microsoft\Internet Explorer\Main\
Search Page = http://find4u.net/index.htm
Start Page = http://find4u.net/index.htm

HKCU\Software\Microsoft\Internet Explorer\SearchUrl\
"" = http://find4u.net/index.htmprovider = gogl

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\
SearchAssistant = http://find4u.net/index.htm

Troj/StartPa-BL also creates URL shortcuts in the Favourites folder called:

FREE HIDDEN CAMS WORLD
FREE SPY CAM
FREE WEB CAMS CHATS
GET THIS 4 FREE

These sites contain adult content.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy