
Trojan:Win32/Startpage.XB


First posted on 20 September 2010.
Source: SecurityHome

Aliases :

Trojan:Win32/Startpage.XB is also known as TR/StartPage.acry.12 (AVG), Trojan.MulDrop1.40877 (Dr.Web), Win32/StartPage.NVC (ESET), Trojan.StartPage.YZA (VirusBuster).

Explanation :

Trojan:Win32/Startpage.XB is a trojan that changes the start page setting for the web browser Internet Explorer without a user's consent.

Installation :

Trojan:Win32/Startpage.XB may be installed by other malware. The trojan may be present as the following:

  • %ProgramFiles%\Internet Explorer\iehelp.exe

Payload :

Changes web browser setting

Trojan:Win32/Startpage.XB changes the start page for the web browser Internet Explorer by modifying the following registry data:

In subkey: HKLM\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
Sets value: "(default)"
With data: ""%ProgramFiles%\internet explorer\iexplore.exe" http://www.22ke.com/?ceo2"

When the browser is launched, it opens to the site "www.22ke.com".
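An added triage example (not part of the original write-up or of any vendor tool): it reads the text of a `reg export` of the subkey above, unescapes the `(default)` value and reports a URL pinned on the command line. The sample export is constructed from the data on this page, assuming a REG_SZ value and an expanded `C:\Program Files` path; the function names are illustrative.

```python
import re

# Subkey named in this write-up, in the long form that .reg exports use.
SUBKEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
          r"\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command")

# Constructed sample of an export taken from an affected host (assumed REG_SZ).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@="\"C:\\Program Files\\internet explorer\\iexplore.exe\" http://www.22ke.com/?ceo2"
'''

def default_value(reg_text, subkey=SUBKEY):
    """Return the unescaped (default) string of `subkey`, or None if absent."""
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == subkey.lower()
        elif in_key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslashes and double quotes with a backslash.
            return re.sub(r"\\(.)", r"\1", line[3:-1])
    return None

def audit_command(command):
    """Split a shell command into (executable, arguments, findings)."""
    m = re.match(r'\s*"([^"]*)"\s*(.*)|\s*(\S+)\s*(.*)', command)
    if not m:
        return "", "", ["command value is empty"]
    quoted = m.group(1) is not None
    exe, args = (m.group(1), m.group(2)) if quoted else (m.group(3), m.group(4))
    findings = []
    if exe.replace("/", "\\").rsplit("\\", 1)[-1].lower() != "iexplore.exe":
        findings.append("command does not launch iexplore.exe: " + exe)
    for url in re.findall(r"(?i)\bhttps?://\S+", args):
        findings.append("start page forced on the command line: " + url)
    return exe, args, findings

if __name__ == "__main__":
    value = default_value(SAMPLE)
    for finding in audit_command(value)[2]:
        print(finding)
```

A value stored as REG_EXPAND_SZ is exported as `hex(2):` bytes, so `default_value` returns None for it and the value has to be decoded separately.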

Analysis by Xinrui Qin

Last update 20 September 2010

     
