Troj/StartPa-NK is a Trojan for the Windows platform.
When first run, Troj/StartPa-NK copies itself to the Windows system folder and creates the following registry entry in order to run each time a user logs on:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
kalvsys
"<Windows system folder>\kalvkmi32.exe"
The following registry entries are also created:
HKCU\Software\LQ\
<several entries>
HKLM\SOFTWARE\Elitum\
<several entries>
HKLM\SOFTWARE\Microsoft\DownloadManager\
<several entries>
HKLM\SOFTWARE\ohbbackup\
<several entries>
The Trojan can harvest information and send it to a remote user via HTTP.
Troj/StartPa-NK may also attempt to download and execute arbitrary files.
The Trojan modifies the storage locations used by Internet Explorer for temporary files, cached pages and cookies.