Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports


Troj/StartPa-DL is an adware Trojan which changes the start page and search configuration for Microsoft Internet Explorer by setting the following
registry entries:

HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKLM\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
HKLM\Software\Microsoft\Internet Explorer\Main\Search Bar
HKCU\Software\Microsoft\Internet Explorer\SearchUrl
HKLM\Software\Microsoft\Internet Explorer\SearchUrl
HKCU\Software\Microsoft\Internet Explorer\Search
HKLM\Software\Microsoft\Internet Explorer\Search
HKCU\Software\Microsoft\Internet Explorer\TypedUrls

When first run, Troj/StartPa-DL copies itself to the System32 folder as
WINPROC32.EXE and creates the following registry entry to run
WINPROC32.EXE automatically on startup:

Run\SpywareGuard = %SYSTEM%\WINPROC32.EXE
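
A triage check for the registry indicators listed above, as an added example that is not part of the original description: it parses saved `reg query <key> /s` output, flags a Run value named SpywareGuard or one that launches WINPROC32.EXE, and surfaces the Internet Explorer Main values for manual review. Assumptions: the description gives only `Run\SpywareGuard`, so the standard `CurrentVersion\Run` keys in both hives are assumed; the function names and the sample text are constructed for illustration.

```python
import re

# Indicators taken from the description above.
RUN_VALUE_NAME = "spywareguard"
DROPPED_EXE = re.compile(r'(^|[\\/"\s])winproc32\.exe\b', re.IGNORECASE)
IE_MAIN = r"\software\microsoft\internet explorer\main"
IE_VALUES = {"start page", "search page", "search bar"}

def parse_reg_query(text):
    """Yield (key, name, type, data) from saved `reg query <key> /s` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and line.startswith(" ") and line.strip():
            parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
            if len(parts) >= 2:
                yield key, parts[0], parts[1], parts[2] if len(parts) == 3 else ""

def triage(text):
    """Return (severity, key, name, data) tuples for entries matching the write-up."""
    findings = []
    for key, name, _type, data in parse_reg_query(text):
        k = key.lower()
        if k.endswith("\\run"):  # assumption: the standard CurrentVersion\Run keys
            if name.lower() == RUN_VALUE_NAME or DROPPED_EXE.search(data):
                findings.append(("match", key, name, data))
        elif k.endswith(IE_MAIN) and name.lower() in IE_VALUES:
            # The page lists no URLs, so these are surfaced for manual review.
            findings.append(("review", key, name, data))
    return findings

# Constructed sample input, not captured from an infected host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SpywareGuard    REG_SZ    C:\WINDOWS\System32\WINPROC32.EXE
    Updater    REG_SZ    "C:\Program Files\Example\update.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Helper    REG_EXPAND_SZ    %SystemRoot%\system32\winproc32.exe

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Start Page    REG_SZ    http://portal.example/
    Window_Placement    REG_BINARY    2C000000
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```

Matching on the executable name as well as the value name catches a Run entry that was renamed but still launches the dropped file.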

A file named favico.dat is created in the System32 folder to store
configuration information.

Various internet shortcuts are created in the Favorites folder, including
links to adult sites.

Troj/StartPa-DL periodically tries to download configuration data from a
remote server and may cause advertising popups to appear when the browser is