Descripcion de McAfee:
__________________________________________
Trojan Name Risk Assessment
StartPage-DL Corporate User : Low
Home User : Low
Trojan Information
Discovery Date: 05/27/2004
Origin: Unknown
Length: 83,432 Bytes (UPX'ed) 230,400 Bytes (unpacked)
Type: Trojan
SubType: Settings Change
Minimum DAT: 4364 (06/02/2004)
Updated DAT: 4364 (06/02/2004)
Minimum Engine: 4.2.40
Description Added: 05/26/2004
Description Modified: 05/26/2004 7:22 PM (PT)
Description Menu
Trojan Characteristics
Symptoms
Method Of Infection
Removal Instructions
Variants / Aliases
Rate This page
Print This Page
Email This Page
Legend
Trojan Characteristics:
When executed this trojan modifies the Internet Explorer search and start page settings to:
These changes are made through the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"HandleSystem" = "%SysDir%\handlesys.exe"
(Where %SysDir% is the System directory, for example: C:\WINDOWS\SYSTEM32)
The following files were dropped:
%SysDir%\handlesys.exe
%SysDir%\uewxdir.exe
Top of Page
Symptoms
Modified default start page and search page in Internet Explorer, registry changes listed above and the presence of the files listed above.
Top of Page
Method Of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.
__________________________________________
Dado que lo estamos sufriendo ya con nuestros asociados, se avisa especialmente al foro de su existencia.
saludos
ms, 27-05-2004