Subscribe
The Trojan will set the Microsoft Internet Explorer and Netscape Navigator home page to the following site:
http://www.worldusa.com/It does this by modifying the following registry keys:
[HKCU\Software\Microsoft\Internet Explorer\Main][HKCU\Software\Netscape\Netscape Navigator\Main]
"Start Page" = "http://www.worldusa.com/"
The Trojan also scans C:\ for a file called prefs.js.
While searching, an error arises, which leads to the program being terminated.
- Use Task Manager to terminate the Trojan process
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Revert the modifications to the system registry:
[HKCU\Software\Microsoft\Internet Explorer\Main]
[HKCU\Software\Netscape\Netscape Navigator\Main]
"Start Page" = "%user settings%" - Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This Trojan program will change the Microsoft Internet Explorer and Netscape Navigator home page without the knowledge or consent of the user.
The program itself is a Windows PE EXE file. The Trojan is written in Visual C and is not packed in any way. The file is 204,800 bytes in size.
Payload
Hot Articles