NEW VARIANT OF STARTPAGE DL ACCORDING TO MCAFEE'S DESCRIPTION

Post by msc hotline sat » 27 May 2004, 11:53

A new variant of the prolific StartPage, which has been pestering us nonstop these last few days, has just been described by McAfee and will be detected by the upcoming DAT 4364, although we already detect and remove it with the new version 2.0 of ELISTARA.EXE



https://foros.zonavirus.com/viewtopic.php?f=5&t=860



McAfee description:

__________________________________________



Trojan Name: StartPage-DL

Risk Assessment

Corporate User: Low

Home User: Low


Trojan Information

Discovery Date: 05/27/2004

Origin: Unknown

Length: 83,432 Bytes (UPX'ed) 230,400 Bytes (unpacked)

Type: Trojan

SubType: Settings Change

Minimum DAT: 4364 (06/02/2004)

Updated DAT: 4364 (06/02/2004)

Minimum Engine: 4.2.40

Description Added: 05/26/2004

Description Modified: 05/26/2004 7:22 PM (PT)


Trojan Characteristics:

When executed this trojan modifies the Internet Explorer search and start page settings to: http://www.okww.net/



These changes are made through the registry:



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"HandleSystem" = "%SysDir%\handlesys.exe"

(Where %SysDir% is the System directory, for example: C:\WINDOWS\SYSTEM32)



The following files were dropped:



%SysDir%\handlesys.exe

%SysDir%\uewxdir.exe








Symptoms

Modified default start page and search page in Internet Explorer, registry changes listed above and the presence of the files listed above.




Method Of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.



__________________________________________



Since we are already suffering from it with our associates, the forum is being specially warned of its existence.



Regards



ms, 27-05-2004
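
A check for the indicators listed in the McAfee description quoted above, as an added example that is not part of the original post or of McAfee's write-up. The function name `Test-StartPageDLIndicators` is hypothetical, and the WOW6432Node / SysWOW64 locations and the `Internet Explorer\Main` value names are assumptions not stated on the page.

```powershell
# Added example: reports which StartPage-DL indicators from the description
# are present on the local host. Read-only; nothing is modified or deleted.
function Test-StartPageDLIndicators {
    $findings = @()

    # Indicator 1: Run value "HandleSystem". The WOW6432Node key is an
    # assumption covering 32-bit registry redirection on 64-bit Windows.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $run = Get-ItemProperty -Path $key -Name 'HandleSystem' -ErrorAction SilentlyContinue
        if ($run) {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = $key; Data = $run.HandleSystem }
        }
    }

    # Indicator 2: dropped files in %SysDir% (SysWOW64 added as an assumption).
    $dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
        Select-Object -Unique
    foreach ($dir in $dirs) {
        foreach ($name in 'handlesys.exe', 'uewxdir.exe') {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $size = (Get-Item -LiteralPath $path -Force).Length
                $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Data = "$size bytes" }
            }
        }
    }

    # Indicator 3: IE start/search page pointing at the site in the description.
    # Assumption: the standard "Internet Explorer\Main" values hold these settings.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $ieKey = "$hive\SOFTWARE\Microsoft\Internet Explorer\Main"
        $ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
        foreach ($value in 'Start Page', 'Search Page') {
            if ($ie -and $ie.$value -like '*okww.net*') {
                $findings += [pscustomobject]@{ Type = 'IESetting'; Location = "$ieKey\$value"; Data = $ie.$value }
            }
        }
    }
    $findings
}

Test-StartPageDLIndicators | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed indicators were found; the reported file sizes can be compared against the lengths given in the description.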
