Summary

| Included in our products from | July 2004 (3.83) |
|---|---|
| Protection available since | 8 June 2004 13:54:52 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/StartPa-DL is an adware Trojan which changes the start page and search configuration for Microsoft Internet Explorer by setting the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKLM\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
HKLM\Software\Microsoft\Internet Explorer\Main\Search Bar
HKCU\Software\Microsoft\Internet Explorer\SearchUrl
HKLM\Software\Microsoft\Internet Explorer\SearchUrl
HKCU\Software\Microsoft\Internet Explorer\Search
HKLM\Software\Microsoft\Internet Explorer\Search
HKCU\Software\Microsoft\Internet Explorer\TypedUrls
When first run, Troj/StartPa-DL copies itself to the System32 folder as WINPROC32.EXE and creates the following registry entry to run WINPROC32.EXE automatically on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SpywareGuard = %SYSTEM%\WINPROC32.EXE
A file named favico.dat is created in the System32 folder to store
configuration information.
Various internet shortcuts are created in the Favorites folder, including
links to adult sites.
Troj/StartPa-DL periodically tries to download configuration data from a
remote server and may cause advertising popups to appear when the browser is
active.
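
The indicators above can be checked on a host with a read-only PowerShell triage script. This is an added example, not Sophos code; it assumes %SYSTEM% means %SystemRoot%\System32 (SysWOW64 is checked as well), and it must run as the affected user because the Run entry is under HKCU.

```powershell
# Added triage example, not Sophos code. Read-only: it changes nothing on the host.
# Assumption: %SYSTEM% in the description is %SystemRoot%\System32; SysWOW64 is also
# checked because 64-bit Windows redirects 32-bit processes there.
$hits = @()      # indicators named in the description
$review = @()    # browser settings to compare against the expected values

# 1. Persistence: SpywareGuard value under the current user's Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'SpywareGuard' -ErrorAction SilentlyContinue
if ($run) {
    $hits += [pscustomobject]@{ Type = 'Run value'; Location = "$runKey\SpywareGuard"; Data = $run.SpywareGuard }
}

# 2. Dropped files: the Trojan's copy and its configuration file.
foreach ($dir in 'System32', 'SysWOW64') {
    foreach ($name in 'WINPROC32.EXE', 'favico.dat') {
        $path = Join-Path (Join-Path $env:SystemRoot $dir) $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path -Force
            $hits += [pscustomobject]@{ Type = 'File'; Location = $path; Data = "$($file.Length) bytes, modified $($file.LastWriteTimeUtc.ToString('u'))" }
        }
    }
}

# 3. Internet Explorer start page and search settings, listed for manual review.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $ie = "$hive\Software\Microsoft\Internet Explorer"
    $main = Get-ItemProperty -Path "$ie\Main" -ErrorAction SilentlyContinue
    foreach ($value in 'Start Page', 'Search Page', 'Search Bar') {
        if ($main -and $null -ne $main.$value) {
            $review += [pscustomobject]@{ Location = "$ie\Main\$value"; Data = $main.$value }
        }
    }
    foreach ($sub in 'SearchUrl', 'Search') {
        $key = Get-Item -Path "$ie\$sub" -ErrorAction SilentlyContinue
        if ($key) {
            foreach ($n in $key.GetValueNames()) {
                $review += [pscustomobject]@{ Location = "$ie\$sub\$n"; Data = $key.GetValue($n) }
            }
        }
    }
}

if ($hits) { $hits | Format-List } else { 'No Troj/StartPa-DL persistence or file indicators found.' }
$review | Format-Table -AutoSize -Wrap
```

The browser settings in the second table are not indicators on their own; compare them with the values your organisation expects.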
