Malware Trojan.VBS.StartPage.hs – Trojan. Is an HTML-page with scripting languages Visual Basic Script and JavaScript.
Technical details
Trojan. Is an HTML-page with scripting languages Visual Basic Script and JavaScript. Has a size of 2172 bytes.
Destructive activity
When you open an infected Web-sites, the Trojan modifies the following registry keys:
[HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ URL \ Prefixes]
“Mirc” = “http://www. *** Ligenclik.com”
[HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel] “HomePage” = “00000001”
[HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel] “HomePage” = “00000001”
[HKCU \ Software \ Microsoft \ Internet Explorer \ Main] “Start Page” = “http://www. *** Ligenclik.com”
[HKLM \ Software \ Microsoft \ Internet Explorer \ Main] “Start Page” = “http://www. *** Ligenclik.com”
This will install the specified reference as your home page. Also, when using the prefix «mirc» in Web-browser will open link «http://www. *** Ligenclik.com».
The Trojan opens a new browser window link:
http://www. *** ligenclik.com
The Trojan then closes the browser window in which it was launched, and then exits.
Removal
If your computer was not protected by Antivirus and is infected with this malware, then to delete the following:
1. Delete the original Trojan file (the location of the victim will depend on how the program originally penetrated the victim machine).
2. Change the registry key values to the original:
[HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ URL \ Prefixes] “mirc”
[HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel] “HomePage”
[HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel ] “HomePage”
[HKCU \ Software \ Microsoft \ Internet Explorer \ Main] “Start Page”
[HKLM \ Software \ Microsoft \ Internet Explorer \ Main] “Start Page”