Troj/StartPa-DJ

Aliases	TrojanDropper.Win32.Small.mi
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Characteristics	Drops more malware Installs itself in the registry
Protection available since	26 October 2004 13:18:12 (GMT)
Detected by	All Sophos products

Sophos beta program
Register now for our latest beta tests

Endpoint Security and Control 9.0
Small business solutions 4.0

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/StartPa-DJ is a Trojan which modifies Microsoft Internet Explorer browser settings.

Troj/StartPa-DJ when run creates the file eplrr9.dll in the Windows system folder and creates the following registry entries so that the Trojan will run at computer restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\
ShellServiceObjectDelayLoad
eplrr9 = <Random CLSID>

HKCR\CLSID\<Random CLSID>\InprocServer32
@ = %SYSTEM%\eplrr9.dll

Troj/StartPa-DJ then modifies Microsoft Internet Explorer browser settings by changing the values of the following registry entries:

HKLM\Software\Microsoft\Internet Explorer\Main
Default_Page_URL
Default_Search_URL
First Home Page
Local Page
Search Page
Start Page

HKCU\Software\Microsoft\Internet Explorer\Main
Local Page
Start Page

The Trojan will also add Internet shortcuts to pornographic websites to the Internet Explorer Favorites folder.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/StartPa-DJ

Summary

Action

More Information