Troj/StartPa-DT is an adware Trojan which changes browser settings for
Microsoft Internet Explorer by setting the following registry entries:

HKLM\Software\Microsoft\Internet Explorer\Main\Search Bar
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKLM\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKLM\Software\Microsoft\Internet Explorer\Main\Start Page
HKLM\Software\Microsoft\Internet Explorer\Main\Use Custom Search URL = 1
HKLM\Software\Microsoft\Internet Explorer\Main\Use Search Asst = no
HKCU\Software\Microsoft\Internet Explorer\Main\HOMEOldSP
HKLM\Software\Microsoft\Internet Explorer\Main\HOMEOldSP
HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKCU\Software\Microsoft\Internet Explorer\Main\Use Custom Search URL = 1
HKCU\Software\Microsoft\Internet Explorer\Main\Use Search Asst = no

The Trojan registers itself as a COM object by creating the following
registry entries:

HKCR\CLSID\<Random CLSID>\InProcServer32\(Default) = <pathname of Troj/StartPa-DT DLL>
HKCR\CLSID\<Random CLSID>\InProcServer32\ThreadingModel = Apartment
HKCR\PROTOCOLS\Filter\text/html\CLSID = <Random CLSID>
HKCR\PROTOCOLS\Filter\text/plain\CLSID = <Random CLSID>

The Trojan also modifies the HOSTS file, disabling any mappings to the
following sites:

count.cc
searchx.cc
google.com
yahoo.com
msn.com
netscape.com
ieautosearch
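
A check for the registry changes listed above, run over the text of a registry export (.reg format). This is an added example, not part of the original description; the function names are hypothetical, and the CLSID, DLL path and hive contents in the sample are constructed placeholders.

```python
import re

# Registry locations named in the description above.
MIME_FILTERS = (r"HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html",
                r"HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain")
IE_MAIN = r"\software\microsoft\internet explorer\main"
MAIN_VALUES = {"Use Custom Search URL": ("1", "dword:00000001"),
               "Use Search Asst": ("no",)}

def parse_reg(text):
    """Parse .reg export text into {lowercased key: {value name: data}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping
            current[name] = data
    return keys

def find_indicators(text):
    """Return entries to review; a hit is a lead, not a verdict."""
    keys, findings = parse_reg(text), []
    for fkey in MIME_FILTERS:
        clsid = keys.get(fkey.lower(), {}).get("CLSID")
        if clsid:  # resolve the filter's CLSID to the DLL it loads
            server = keys.get(("HKEY_CLASSES_ROOT\\CLSID\\%s\\InProcServer32" % clsid).lower(), {})
            findings.append(("mime-filter", fkey, clsid, server.get("", "<not in export>")))
    for key, values in keys.items():
        if key.endswith(IE_MAIN):
            for name, suspect in MAIN_VALUES.items():
                if values.get(name, "").lower() in suspect:
                    findings.append(("ie-setting", key, name, values[name]))
    return findings

# Constructed sample export; the CLSID and DLL path are placeholders.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{00000000-0000-0000-0000-000000000001}"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32]
@="C:\\Example\\placeholder.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="no"
"Use Custom Search URL"=dword:00000001
"""
print(find_indicators(SAMPLE))
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `find_indicators`.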