Trojan.WinREG.StartPage.am



Threat Name: Trojan.WinREG.StartPage.am
Spread Method:
Connection to Specific Sites
Instant Message (MSN, Gtalk, QQ, etc.)
Threat type: Trojan.WinREG
Trojan.WinREG.StartPage.am first detected: 2010-03-25
The known virus file is a JavaScript file.
File Size: 429K Bytes.
%Temp%\nse2.tmp\System.dll
%System%\xx_dh.reg
Level of Spread: 6
Level of Threat: 4
Reported Path: Unknown path
MD5: Y7Cynr0mv2yskFEY0u1GO6bMDpGTR210
SHA1: aDk25sI41P276nmbH1LowA3ul5OCtN433l4580q7

Alias:
Trojan.WinREG.StartPage.am [Kaspersky Lab]
Mal/Generic-A [Sophos]
Report Countries:
Philippines
Bulgaria
Colombia
France
Trojan.WinREG.StartPage.am Removal instructions:
Delete the system registry parameters:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
(Default) = “”%ProgramFiles%\Internet Explorer\iexplore.exe” http://www.dh818.com/?22″
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AEFBE8-763F-0647-899C-A93222894D8E}\Shell\D\Command]
(Default) = “Rundll32.exe Shell32.dll,Control_RunDLL Inetcpl.cpl”
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AEFBE8-763F-0647-899C-A93222894D8E}\Shell\Open\Command]
(Default) = “%ProgramFiles%\Internet Explorer\iexplore.exe http://www.dh818.com/?22″
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AEFBE8-763F-0647-899C-A93222894D8E}\Shell\ճ��\Command]
(Default) = “Rundll32.exe Shell32.dll,Control_RunDLL Inetcpl.cpl”
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AEFBE8-763F-0647-899C-A93222894D8E}\Shell\ճ��]
(Default) = “ճ��”
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AEFBE8-763F-0647-899C-A93222894D8E}\Shell\Open]
(Default) = “�ҵ���ҳ”
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AEFBE8-763F-0647-899C-A93222894D8E}\Shell\D]
(Default) = “ɾ��(&D)”
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AEFBE8-763F-0647-899C-A93222894D8E}\ShellFolder]
(Default) = “”
Attributes = 0x0000000A
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AEFBE8-763F-0647-899C-A93222894D8E}\Shell]
(Default) = “”
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AEFBE8-763F-0647-899C-A93222894D8E}\DefaultIcon]
(Default) = “%ProgramFiles%\Internet Explorer\iexplore.exe”
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AEFBE8-763F-0647-899C-A93222894D8E}]
(Default) = “Internet Exploer”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{86AEFBE8-763F-0647-899C-A93222894D8E}]
(Default) = “Internet Exploer”

Use Task Manager to terminate the program's process.
How to remove Trojan.WinREG.StartPage.am:
1. Use Task Manager to terminate the Trojan.WinREG.StartPage.am program's process.
2. Use KillBox to delete the Trojan.WinREG.StartPage.am files directly.
3. Delete the IE temporary directory and files.
4. Restart your computer in safe mode and run a full scan.



Trojan.WinREG.StartPage.am Summary

  • Virus Name: Trojan.WinREG.StartPage.am
  • Detected By: Kaspersky, Sophos antivirus program
  • Virus Trojan.WinREG.StartPage.am Detected times: 2317691 times
  • Trojan.WinREG.StartPage.am Overall Risk: Medium 7317692
  • Trojan.WinREG.StartPage.am file size: 36176920 bytes
  • Trojan.WinREG.StartPage.am was first detected by Kaspersky, Sophos on Thursday, March 25th, 2010, 11:58 am. Trojan.WinREG.StartPage.am is a new threat of Hacking, Malware, Spam, worm.
  • Trojan.WinREG.StartPage.am removal instructions:

  • 1. Temporarily disable System Restore; 2. Reboot the computer in Safe Mode; 3. Delete the Trojan.WinREG.StartPage.am virus files and kill the Trojan.WinREG.StartPage.am file task process (if any); 4. Delete/modify any values added to the registry by Trojan.WinREG.StartPage.am; 5. Delete IE temp files, restart the computer and run a full scan with Kaspersky, Sophos. Trojan.WinREG.StartPage.am virus files are as follows:
