Win32/StartPage [Threat Name]

Win32/StartPage.OVP [Threat Variant Name]

Category: trojan
Size: 6656 B
Detection created: Jan 05, 2016
Detection database version: 12823
Aliases: Trojan.Win32.StartPage.azh (Kaspersky)
  Trojan.StartPage.1304 (Dr.Web)
  Downloader.Bancos!gen (Symantec)

Short description

Win32/StartPage.OVP is a trojan that changes the home page of certain web browsers.

Installation

The trojan does not create any copies of itself.


The trojan changes the home page of the following web browsers:

  • Internet Explorer

The following Registry entries are set:

  • [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    • "Start Page" = "http://master%removed%x.com/?m=abc&t=ju&u=%originalstartpage%&x=%offlinefolder%&pid=1050-jub-0-d-"
    • "Offline Folder" = "%variable%"

A string with variable content is used instead of %variable%.

Other information

The trojan creates and runs a new thread with its own program code within the following processes:

  • explorer.exe
