Trojan.Win32.StartPage.au

tag:Trojans

The Trojan changes the values of the following system registry keys:

[HKLM\Software\Microsoft\Internet Explorer\Styles]
"Use My Stylesheet" = "1"
"User Stylesheet" = "%WinDir%\hh.htt"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://aifind.info/"
"Search Page" = "http://aifind.info/"
"Search Bar" = "http://aifind.info/"

[HKCU\Software\Microsoft\Internet Explorer]
"SearchURL" = http://aifind.info/

It adds the following files to the current user's "Favorites":

!!! Exclusive Youngest Porn !!!.url 80 old daddies brutally fucking their daughters.url CENSORED YOUNGEST PORN.url Fresh XXX pics

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
Delete the following system registry keys: (see What is a system registry and how do I use it for details on how to edit the registry).
```
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Control" = "rundll32.exe C:\WINDOWS\system32\ctrlpan.dll,Restore ControlPanel"
```
Modify the following system registry key parameter:
```
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = "ctrlpan.dll"
```
to the original value:
"AppInit_DLLs" = " "

Revert the following system registry key values:

[HKLM\Software\Microsoft\Internet Explorer\Styles]
"Use My Stylesheet" = "1"
"User Stylesheet" = "%WinDir%\hh.htt"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://aifind.info/"
"Search Page" = "http://aifind.info/"
"Search Bar" = "http://aifind.info/"

[HKCU\Software\Microsoft\Internet Explorer]
"SearchURL" = http://aifind.info/

Delete the file dropped by the Trojan: %WinDir%\hh.htt

Delete the following files from "Favorites":

!!! Exclusive Youngest Porn !!!.url 80 old daddies brutally fucking their daughters.url CENSORED YOUNGEST PORN.url Fresh XXX pics

This Trojan modifies the configuration of Microsoft Internet Explorer without the knowledge or consent of the user. It is a Windows DLL file. The file is 5,120 bytes in size. It is packed using UPX. The unpacked file is approximately 7KB in size.

Installation

This Trojan will be installed on the victim machine by other Trojan programs.

When launched, the Trojan creates the following file:

%WinDir%\hh.htt

In order to ensure that the Trojan is launched automatically each time the system is booted, the Trojan registers its executable file in the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Control" = "rundll32.exe C:\WINDOWS\system32\ctrlpan.dll,Restore ControlPanel"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = "ctrlpan.dll"

Payload

next:none
previous:Trojan.Win32.StartPage.bh

Virus Source from:

New articles

TROJ_FAKEAV.WKAThis Trojan may be downloaded from the following remote sites: http://{BLOCKED}ogle.info/tre/lena.exe/{random characters} This Trojan adds the foll...TROJ_RANSOM.QOWAThis Trojan may be unknowingly downloaded by a user while visiting malicious websites. This Trojan drops the following copies of itself into the affected sys...TapSnake.ATapSnake.A is a Trojan that affects mobile phones with an Android operating system. Once installed in the phone, it carries out the following actions: ...Trojan.Win32.FraudPack.bkheOnce launched, the program will display a message stating that the computer has been infected by malicious programs: The message is displayed even if there a...Trojan-Dropper.Win32.Agent.cxdOnce activated, the Trojan copies its body and saves it to the Windows system directory as "fvfj.sxo": %System%fvfj.sxo In order to ensure that th...

Hot Articles

Trojan.Win32.StartPage.au

Computer Virus Clounds