Troj/StartPa-GD

Aliases	Trojan.Win32.StartPage.yc
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Included in our products from	July 2005 (3.95)
Protection available since	13 May 2005 18:59:20 (GMT)
Detected by	All Sophos products

You should also check your Internet Explorer settings using Tools|Internet options|General for any modifications made by the Trojan.

Troj/StartPa-GD is a Windows Trojan which alters default Internet Explorer settings.

Troj/StartPa-GD creates the file spowj.dll in the Windows system folder and creates or modifies the following registry entries:

HKLM\SOFTWARE\Classes\CLSID\{RNG-CLSID}
(default)
IE SP2 AddOn

HKLM\SOFTWARE\Classes\CLSID\{RNG-CLSID}\emanelif

HKLM\SOFTWARE\Classes\CLSID\{RNG-CLSID}\emanger

HKLM\SOFTWARE\Classes\CLSID\{RNG-CLSID}\InprocServer32
(default)
C:\\WINDOWS\\System32\\spowj.dll

HKLM\SOFTWARE\Classes\CLSID\{RNG-CLSID}\InprocServer32
ThreadingModel
Apartment

Troj/StartPa-GD also creates the following registry entries in order to install the dropped DLL as a BHO plugin.

HKLM\SOFTWARE\Microsoft\Internet Explorer\cslnam
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{RNG-CLSID}

(where RNG-CLSID is a randomly-generated sequence of 32 characters)

Get reports about the latest virus and spyware threats delivered to your computer