Troj/StartPa-WB

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Included in our products from	April 2006 (4.04)
Protection available since	27 February 2006 22:42:13 (GMT)
Last updated	7 March 2006 15:29:20 (GMT)
Detected by	All Sophos products

Troj/StartPa-WB is a Trojan for the Windows platform.

When first run Troj/StartPa-WB copies itself to <Windows system folder>\wartsrv.exe.

The following registry entry is created to run wartsrv.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
useful-soft
<Windows system folder>\wartsrv.exe

Troj/StartPa-WB changes the Start Page for Microsoft Internet Explorer by setting the following registry entry:

HKCU\Software\Microsoft\Internet Explorer\Main
Start Page
http://www.teengb.com

Troj/StartPa-WB overwrites the HOSTS file to redirect a large number of websites, including websites relating to anti-virus and security.

Get reports about the latest virus and spyware threats delivered to your computer