Aliases
-
Trojan.Win32.StartPage.my
-
TROJ_STARTPAG.AF
Characteristics
-
Installs itself in the registry
Affected Operating Systems
Recovery Instructions:
Please follow the instructions for removing Trojans.
You will also need to edit the following registry entries, if present. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_CLASSES_ROOT entry:
Typically an unaltered registry entry will be set to
HKCR\exefile\shell\open\command\(default) = "%1" %*
the altered registry entry will be
HKCR\exefile\shell\open\command = "<Windows folder>\setdbg.exe %1 %*"
delete only the path to the worm. Do not delete anything else.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
svchost = <Windows folder>\svchost.exe
and delete it if it exists.
Close the registry editor.
You should also change your Internet Explorer settings using Tools|Internet options|General to remove any modifications made by the Trojan.