Internet threat level: 1
Follow us on
Home→Descriptions→Trojan.Win32.StartPage.vk
Trojan.Win32.StartPage.vk
| Detected | Apr 08 2005 05:51 GMT |
| Released | Apr 08 2005 05:51 GMT |
| Published | Jun 28 2005 08:45 GMT |
Technical Details
This Trojan is a Windows PE EXE file, packed using UPX. The packed file is approximately 33KB in size, and the unpacked file is approximately 166KB in size.
Once launched the Trojan registers itself in the system register:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "bootpd.exe"=<path to infected file>
This ensures that the Trojan file will be launched each time Windows is rebooted on the victim machine.
The Trojan creates the following folder:
%Program Files%\Google
It also creates .dll, .jpg, .gif and .html files with random names in the Windows temporary catalogue, e.g.:
C:\Documents and Settings\user\Local Settings\Temp\slcpkxmjgzm.dll
The Trojan changes the Internet Explorer home page to the html file which it has created. It also adds a range of links to the Favorites menu.
The Trojan changes %System%\drivers\etc\hosts by appending the following text to the file. This means that any user attempting to view the sites listed below will be redirected to 66.180.173.39:
66.180.173.39 ar.search.yahoo.com
66.180.173.39 au.search.yahoo.com
66.180.173.39 beta.search.msn.co.in beta.search.msn.com.sg auto.search.msn.com
66.180.173.39 beta.search.msn.com beta.search.msn.at beta.search.sympatico.msn.ca beta.search.msn.co.za
66.180.173.39 beta.search.msn.dk beta.search.msn.fi beta.search.msn.fr beta.search.msn.de beta.search.msn.it
66.180.173.39 beta.search.msn.nl beta.search.msn.no beta.search.msn.es beta.search.msn.se beta.search.msn.ch
66.180.173.39 beta.search.ninemsn.com.au beta.search.xtramsn.co.nz beta.search.msn.co.uk beta.search.msn.be
66.180.173.39 br.search.yahoo.com
66.180.173.39 ca.search.yahoo.com
66.180.173.39 cf.search.yahoo.com
66.180.173.39 ct.search.yahoo.com
66.180.173.39 de.search.yahoo.com
66.180.173.39 espanol.search.yahoo.com
66.180.173.39 fr.search.yahoo.com
66.180.173.39 google.ae
66.180.173.39 google.am
66.180.173.39 google.as
66.180.173.39 google.at
66.180.173.39 google.az
66.180.173.39 google.be
66.180.173.39 google.bi
66.180.173.39 google.ca
66.180.173.39 google.cd
66.180.173.39 google.cg
66.180.173.39 google.ch
66.180.173.39 google.ci
66.180.173.39 google.cl
66.180.173.39 google.co.cr
66.180.173.39 google.co.hu
66.180.173.39 google.co.il
66.180.173.39 google.co.in
66.180.173.39 google.co.je
66.180.173.39 google.co.jp
66.180.173.39 google.co.ke
66.180.173.39 google.co.kr
66.180.173.39 google.co.ls
66.180.173.39 google.co.nz
66.180.173.39 google.co.th
66.180.173.39 google.co.ug
66.180.173.39 google.co.uk
66.180.173.39 google.co.ve
66.180.173.39 google.com
66.180.173.39 google.com.ag
66.180.173.39 google.com.ar
66.180.173.39 google.com.au
66.180.173.39 google.com.br
66.180.173.39 google.com.co
66.180.173.39 google.com.cu
66.180.173.39 google.com.do
66.180.173.39 google.com.ec
66.180.173.39 google.com.fj
66.180.173.39 google.com.gi
66.180.173.39 google.com.gr
66.180.173.39 google.com.gt
66.180.173.39 google.com.hk
66.180.173.39 google.com.ly
66.180.173.39 google.com.mt
66.180.173.39 google.com.mx
66.180.173.39 google.com.my
66.180.173.39 google.com.na
66.180.173.39 google.com.nf
66.180.173.39 google.com.ni
66.180.173.39 google.com.np
66.180.173.39 google.com.pa
66.180.173.39 google.com.pe
66.180.173.39 google.com.ph
66.180.173.39 google.com.pk
66.180.173.39 google.com.pr
66.180.173.39 google.com.py
66.180.173.39 google.com.sa
66.180.173.39 google.com.sg
66.180.173.39 google.com.sv
66.180.173.39 google.com.tr
66.180.173.39 google.com.tw
66.180.173.39 google.com.ua
66.180.173.39 google.com.uy
66.180.173.39 google.com.vc
66.180.173.39 google.com.vn
66.180.173.39 google.de
66.180.173.39 google.dj
66.180.173.39 google.dk
66.180.173.39 google.es
66.180.173.39 google.fi
66.180.173.39 google.fm
66.180.173.39 google.fr
66.180.173.39 google.gg
66.180.173.39 google.gl
66.180.173.39 google.gm
66.180.173.39 google.hn
66.180.173.39 google.ie
66.180.173.39 google.it
66.180.173.39 google.kz
66.180.173.39 google.li
66.180.173.39 google.lt
66.180.173.39 google.lu
66.180.173.39 google.lv
66.180.173.39 google.mn
66.180.173.39 google.ms
66.180.173.39 google.mu
66.180.173.39 google.mw
66.180.173.39 google.nl
66.180.173.39 google.no
66.180.173.39 google.off.ai
66.180.173.39 google.pl
66.180.173.39 google.pn
66.180.173.39 google.pt
66.180.173.39 google.ro
66.180.173.39 google.ru
66.180.173.39 google.rw
66.180.173.39 google.se
66.180.173.39 google.sh
66.180.173.39 google.sk
66.180.173.39 google.sm
66.180.173.39 google.td
66.180.173.39 google.tm
66.180.173.39 google.tt
66.180.173.39 google.uz
66.180.173.39 google.vg
66.180.173.39 it.search.yahoo.com
66.180.173.39 mx.search.yahoo.com
66.180.173.39 search.msn.com search.msn.at search.sympatico.msn.ca search.msn.co.za search.ninemsn.com.au
66.180.173.39 search.msn.de search.msn.it search.msn.nl search.msn.no search.msn.es uk.search.msn.com
66.180.173.39 search.msn.se search.msn.ch search.msn.co.in search.msn.com.sg toolbar.search.msn.com
66.180.173.39 search.xtramsn.co.nz search.msn.co.uk search.msn.be search.msn.dk search.msn.fi search.msn.fr
66.180.173.39 search.yahoo.com
66.180.173.39 uk.search.yahoo.com
66.180.173.39 www.alexa.com alexa.com
66.180.173.39 www.google.ae
66.180.173.39 www.google.am
66.180.173.39 www.google.as
66.180.173.39 www.google.at
66.180.173.39 www.google.az
66.180.173.39 www.google.be
66.180.173.39 www.google.bi
66.180.173.39 www.google.ca
66.180.173.39 www.google.cd
66.180.173.39 www.google.cg
66.180.173.39 www.google.ch
66.180.173.39 www.google.ci
66.180.173.39 www.google.cl
66.180.173.39 www.google.co.cr
66.180.173.39 www.google.co.hu
66.180.173.39 www.google.co.il
66.180.173.39 www.google.co.in
66.180.173.39 www.google.co.je
66.180.173.39 www.google.co.jp
66.180.173.39 www.google.co.ke
66.180.173.39 www.google.co.kr
66.180.173.39 www.google.co.ls
66.180.173.39 www.google.co.nz
66.180.173.39 www.google.co.th
66.180.173.39 www.google.co.ug
66.180.173.39 www.google.co.uk
66.180.173.39 www.google.co.ve
66.180.173.39 www.google.com
66.180.173.39 www.google.com.ag
66.180.173.39 www.google.com.ar
66.180.173.39 www.google.com.au
66.180.173.39 www.google.com.br
66.180.173.39 www.google.com.co
66.180.173.39 www.google.com.cu
66.180.173.39 www.google.com.do
66.180.173.39 www.google.com.ec
66.180.173.39 www.google.com.fj
66.180.173.39 www.google.com.gi
66.180.173.39 www.google.com.gr
66.180.173.39 www.google.com.gt
66.180.173.39 www.google.com.hk
66.180.173.39 www.google.com.ly
66.180.173.39 www.google.com.mt
66.180.173.39 www.google.com.mx
66.180.173.39 www.google.com.my
66.180.173.39 www.google.com.na
66.180.173.39 www.google.com.nf
66.180.173.39 www.google.com.ni
66.180.173.39 www.google.com.np
66.180.173.39 www.google.com.pa
66.180.173.39 www.google.com.pe
66.180.173.39 www.google.com.ph
66.180.173.39 www.google.com.pk
66.180.173.39 www.google.com.pr
66.180.173.39 www.google.com.py
66.180.173.39 www.google.com.sa
66.180.173.39 www.google.com.sg
66.180.173.39 www.google.com.sv
66.180.173.39 www.google.com.tr
66.180.173.39 www.google.com.tw
66.180.173.39 www.google.com.ua
66.180.173.39 www.google.com.uy
66.180.173.39 www.google.com.vc
66.180.173.39 www.google.com.vn
66.180.173.39 www.google.de
66.180.173.39 www.google.dj
66.180.173.39 www.google.dk
66.180.173.39 www.google.es
66.180.173.39 www.google.fi
66.180.173.39 www.google.fm
66.180.173.39 www.google.fr
66.180.173.39 www.google.gg
66.180.173.39 www.google.gl
66.180.173.39 www.google.gm
66.180.173.39 www.google.hn
66.180.173.39 www.google.ie
66.180.173.39 www.google.it
66.180.173.39 www.google.kz
66.180.173.39 www.google.li
66.180.173.39 www.google.lt
66.180.173.39 www.google.lu
66.180.173.39 www.google.lv
66.180.173.39 www.google.mn
66.180.173.39 www.google.ms
66.180.173.39 www.google.mu
66.180.173.39 www.google.mw
66.180.173.39 www.google.nl
66.180.173.39 www.google.no
66.180.173.39 www.google.off.ai
66.180.173.39 www.google.pl
66.180.173.39 www.google.pn
66.180.173.39 www.google.pt
66.180.173.39 www.google.ro
66.180.173.39 www.google.ru
66.180.173.39 www.google.rw
66.180.173.39 www.google.se
66.180.173.39 www.google.sh
66.180.173.39 www.google.sk
66.180.173.39 www.google.sm
66.180.173.39 www.google.td
66.180.173.39 www.google.tm
66.180.173.39 www.google.tt
66.180.173.39 www.google.uz
66.180.173.39 www.google.vg
66.180.173.39 au.search.yahoo.com
66.180.173.39 beta.search.msn.co.in beta.search.msn.com.sg auto.search.msn.com
66.180.173.39 beta.search.msn.com beta.search.msn.at beta.search.sympatico.msn.ca beta.search.msn.co.za
66.180.173.39 beta.search.msn.dk beta.search.msn.fi beta.search.msn.fr beta.search.msn.de beta.search.msn.it
66.180.173.39 beta.search.msn.nl beta.search.msn.no beta.search.msn.es beta.search.msn.se beta.search.msn.ch
66.180.173.39 beta.search.ninemsn.com.au beta.search.xtramsn.co.nz beta.search.msn.co.uk beta.search.msn.be
66.180.173.39 br.search.yahoo.com
66.180.173.39 ca.search.yahoo.com
66.180.173.39 cf.search.yahoo.com
66.180.173.39 ct.search.yahoo.com
66.180.173.39 de.search.yahoo.com
66.180.173.39 espanol.search.yahoo.com
66.180.173.39 fr.search.yahoo.com
66.180.173.39 google.ae
66.180.173.39 google.am
66.180.173.39 google.as
66.180.173.39 google.at
66.180.173.39 google.az
66.180.173.39 google.be
66.180.173.39 google.bi
66.180.173.39 google.ca
66.180.173.39 google.cd
66.180.173.39 google.cg
66.180.173.39 google.ch
66.180.173.39 google.ci
66.180.173.39 google.cl
66.180.173.39 google.co.cr
66.180.173.39 google.co.hu
66.180.173.39 google.co.il
66.180.173.39 google.co.in
66.180.173.39 google.co.je
66.180.173.39 google.co.jp
66.180.173.39 google.co.ke
66.180.173.39 google.co.kr
66.180.173.39 google.co.ls
66.180.173.39 google.co.nz
66.180.173.39 google.co.th
66.180.173.39 google.co.ug
66.180.173.39 google.co.uk
66.180.173.39 google.co.ve
66.180.173.39 google.com
66.180.173.39 google.com.ag
66.180.173.39 google.com.ar
66.180.173.39 google.com.au
66.180.173.39 google.com.br
66.180.173.39 google.com.co
66.180.173.39 google.com.cu
66.180.173.39 google.com.do
66.180.173.39 google.com.ec
66.180.173.39 google.com.fj
66.180.173.39 google.com.gi
66.180.173.39 google.com.gr
66.180.173.39 google.com.gt
66.180.173.39 google.com.hk
66.180.173.39 google.com.ly
66.180.173.39 google.com.mt
66.180.173.39 google.com.mx
66.180.173.39 google.com.my
66.180.173.39 google.com.na
66.180.173.39 google.com.nf
66.180.173.39 google.com.ni
66.180.173.39 google.com.np
66.180.173.39 google.com.pa
66.180.173.39 google.com.pe
66.180.173.39 google.com.ph
66.180.173.39 google.com.pk
66.180.173.39 google.com.pr
66.180.173.39 google.com.py
66.180.173.39 google.com.sa
66.180.173.39 google.com.sg
66.180.173.39 google.com.sv
66.180.173.39 google.com.tr
66.180.173.39 google.com.tw
66.180.173.39 google.com.ua
66.180.173.39 google.com.uy
66.180.173.39 google.com.vc
66.180.173.39 google.com.vn
66.180.173.39 google.de
66.180.173.39 google.dj
66.180.173.39 google.dk
66.180.173.39 google.es
66.180.173.39 google.fi
66.180.173.39 google.fm
66.180.173.39 google.fr
66.180.173.39 google.gg
66.180.173.39 google.gl
66.180.173.39 google.gm
66.180.173.39 google.hn
66.180.173.39 google.ie
66.180.173.39 google.it
66.180.173.39 google.kz
66.180.173.39 google.li
66.180.173.39 google.lt
66.180.173.39 google.lu
66.180.173.39 google.lv
66.180.173.39 google.mn
66.180.173.39 google.ms
66.180.173.39 google.mu
66.180.173.39 google.mw
66.180.173.39 google.nl
66.180.173.39 google.no
66.180.173.39 google.off.ai
66.180.173.39 google.pl
66.180.173.39 google.pn
66.180.173.39 google.pt
66.180.173.39 google.ro
66.180.173.39 google.ru
66.180.173.39 google.rw
66.180.173.39 google.se
66.180.173.39 google.sh
66.180.173.39 google.sk
66.180.173.39 google.sm
66.180.173.39 google.td
66.180.173.39 google.tm
66.180.173.39 google.tt
66.180.173.39 google.uz
66.180.173.39 google.vg
66.180.173.39 it.search.yahoo.com
66.180.173.39 mx.search.yahoo.com
66.180.173.39 search.msn.com search.msn.at search.sympatico.msn.ca search.msn.co.za search.ninemsn.com.au
66.180.173.39 search.msn.de search.msn.it search.msn.nl search.msn.no search.msn.es uk.search.msn.com
66.180.173.39 search.msn.se search.msn.ch search.msn.co.in search.msn.com.sg toolbar.search.msn.com
66.180.173.39 search.xtramsn.co.nz search.msn.co.uk search.msn.be search.msn.dk search.msn.fi search.msn.fr
66.180.173.39 search.yahoo.com
66.180.173.39 uk.search.yahoo.com
66.180.173.39 www.alexa.com alexa.com
66.180.173.39 www.google.ae
66.180.173.39 www.google.am
66.180.173.39 www.google.as
66.180.173.39 www.google.at
66.180.173.39 www.google.az
66.180.173.39 www.google.be
66.180.173.39 www.google.bi
66.180.173.39 www.google.ca
66.180.173.39 www.google.cd
66.180.173.39 www.google.cg
66.180.173.39 www.google.ch
66.180.173.39 www.google.ci
66.180.173.39 www.google.cl
66.180.173.39 www.google.co.cr
66.180.173.39 www.google.co.hu
66.180.173.39 www.google.co.il
66.180.173.39 www.google.co.in
66.180.173.39 www.google.co.je
66.180.173.39 www.google.co.jp
66.180.173.39 www.google.co.ke
66.180.173.39 www.google.co.kr
66.180.173.39 www.google.co.ls
66.180.173.39 www.google.co.nz
66.180.173.39 www.google.co.th
66.180.173.39 www.google.co.ug
66.180.173.39 www.google.co.uk
66.180.173.39 www.google.co.ve
66.180.173.39 www.google.com
66.180.173.39 www.google.com.ag
66.180.173.39 www.google.com.ar
66.180.173.39 www.google.com.au
66.180.173.39 www.google.com.br
66.180.173.39 www.google.com.co
66.180.173.39 www.google.com.cu
66.180.173.39 www.google.com.do
66.180.173.39 www.google.com.ec
66.180.173.39 www.google.com.fj
66.180.173.39 www.google.com.gi
66.180.173.39 www.google.com.gr
66.180.173.39 www.google.com.gt
66.180.173.39 www.google.com.hk
66.180.173.39 www.google.com.ly
66.180.173.39 www.google.com.mt
66.180.173.39 www.google.com.mx
66.180.173.39 www.google.com.my
66.180.173.39 www.google.com.na
66.180.173.39 www.google.com.nf
66.180.173.39 www.google.com.ni
66.180.173.39 www.google.com.np
66.180.173.39 www.google.com.pa
66.180.173.39 www.google.com.pe
66.180.173.39 www.google.com.ph
66.180.173.39 www.google.com.pk
66.180.173.39 www.google.com.pr
66.180.173.39 www.google.com.py
66.180.173.39 www.google.com.sa
66.180.173.39 www.google.com.sg
66.180.173.39 www.google.com.sv
66.180.173.39 www.google.com.tr
66.180.173.39 www.google.com.tw
66.180.173.39 www.google.com.ua
66.180.173.39 www.google.com.uy
66.180.173.39 www.google.com.vc
66.180.173.39 www.google.com.vn
66.180.173.39 www.google.de
66.180.173.39 www.google.dj
66.180.173.39 www.google.dk
66.180.173.39 www.google.es
66.180.173.39 www.google.fi
66.180.173.39 www.google.fm
66.180.173.39 www.google.fr
66.180.173.39 www.google.gg
66.180.173.39 www.google.gl
66.180.173.39 www.google.gm
66.180.173.39 www.google.hn
66.180.173.39 www.google.ie
66.180.173.39 www.google.it
66.180.173.39 www.google.kz
66.180.173.39 www.google.li
66.180.173.39 www.google.lt
66.180.173.39 www.google.lu
66.180.173.39 www.google.lv
66.180.173.39 www.google.mn
66.180.173.39 www.google.ms
66.180.173.39 www.google.mu
66.180.173.39 www.google.mw
66.180.173.39 www.google.nl
66.180.173.39 www.google.no
66.180.173.39 www.google.off.ai
66.180.173.39 www.google.pl
66.180.173.39 www.google.pn
66.180.173.39 www.google.pt
66.180.173.39 www.google.ro
66.180.173.39 www.google.ru
66.180.173.39 www.google.rw
66.180.173.39 www.google.se
66.180.173.39 www.google.sh
66.180.173.39 www.google.sk
66.180.173.39 www.google.sm
66.180.173.39 www.google.td
66.180.173.39 www.google.tm
66.180.173.39 www.google.tt
66.180.173.39 www.google.uz
66.180.173.39 www.google.vg
Trojan
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.
Other versions
Aliases
Trojan.
- Trojan:
Generic. cb (McAfee) - Mal/Generic-L (Sophos)
- Adware/PremiumSearch (Panda)
- W32/StartpageX.
G (FPROT) - Trojan.
StartPage. 633 (DrWeb) - Win32/StartPage.
VK trojan (Nod32) - Trojan.
StartPage. vk (BitDef7) - Trojan.
StartPage!JO1tJ7Vwnss (VirusBuster) - Win32:
StartPage-LT [Trj] (AVAST) - Trojan.
Win32. StartPage (Ikarus) - Startpage.
BN (AVG) - ADSPY/PremiumSear.
1 (AVIRA) - Trojan Horse (NAV)
- NseCheckFile2() returned 0x00010018 (Norman)
- Generic.
CB (NAI) - TROJ_Generic (PCCIL)
- Trojan.
StartPage. bjy (Rising) - Trojan.
StartPage!JO1tJ7Vwnss (VirusBusterBeta)
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.